CVE-2025-22032

{"id": "CVE-2025-22032", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-04-16T15:15:55.823", "references": [{"url": "https://git.kernel.org/stable/c/0cfea60966e4b1239d20bebf02258295e189e82a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/5a57f8eb2a17d469d65cd1186cea26b798221d4a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/adc3fd2a2277b7cc0b61692463771bf9bd298036", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/effec50381991bc067acf4b3351a57831c74d27f", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix kernel panic due to null pointer dereference\n\nAddress a kernel panic caused by a null pointer dereference in the\n`mt792x_rx_get_wcid` function. The issue arises because the `deflink` structure\nis not properly initialized with the `sta` context. This patch ensures that the\n`deflink` structure is correctly linked to the `sta` context, preventing the\nnull pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000400\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 UID: 0 PID: 470 Comm: mt76-usb-rx phy Not tainted 6.12.13-gentoo-dist #1\n Hardware name: /AMD HUDSON-M1, BIOS 4.6.4 11/15/2011\n RIP: 0010:mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib]\n RSP: 0018:ffffa147c055fd98 EFLAGS: 00010202\n RAX: 0000000000000000 RBX: ffff8e9ecb652000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e9ecb652000\n RBP: 0000000000000685 R08: ffff8e9ec6570000 R09: 0000000000000000\n R10: ffff8e9ecd2ca000 R11: ffff8e9f22a217c0 R12: 0000000038010119\n R13: 0000000080843801 R14: ffff8e9ec6570000 R15: ffff8e9ecb652000\n FS: 0000000000000000(0000) GS:ffff8e9f22a00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000400 CR3: 000000000d2ea000 CR4: 00000000000006f0\n Call Trace:\n <TASK>\n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0x15a/0x2f0\n ? search_module_extables+0x19/0x60\n ? search_bpf_extables+0x5f/0x80\n ? exc_page_fault+0x7e/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib]\n mt7921_queue_rx_skb+0x1c6/0xaa0 [mt7921_common]\n mt76u_alloc_queues+0x784/0x810 [mt76_usb]\n ? __pfx___mt76_worker_fn+0x10/0x10 [mt76]\n __mt76_worker_fn+0x4f/0x80 [mt76]\n kthread+0xd2/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n </TASK>\n ---[ end trace 0000000000000000 ]---"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mt76: mt7921: correcci\u00f3n de p\u00e1nico del kernel debido a la desreferencia de puntero nulo. Se solucion\u00f3 un p\u00e1nico del kernel causado por una desreferencia de puntero nulo en la funci\u00f3n `mt792x_rx_get_wcid`. El problema surge porque la estructura `deflink` no se inicializa correctamente con el contexto `sta`. Este parche garantiza que la estructura `deflink` est\u00e9 correctamente vinculada al contexto `sta`, lo que evita la desreferencia de puntero nulo. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000400 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 0 UID: 0 PID: 470 Comm: mt76-usb-rx phy No contaminado 6.12.13-gentoo-dist #1 Nombre del hardware: /AMD HUDSON-M1, BIOS 4.6.4 15/11/2011 RIP: 0010:mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib] RSP: 0018:ffffa147c055fd98 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff8e9ecb652000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e9ecb652000 RBP: 0000000000000685 R08: ffff8e9ec6570000 R09: 000000000000000 R10: ffff8e9ecd2ca000 R11: ffff8e9f22a217c0 R12: 0000000038010119 R13: 0000000080843801 R14: ffff8e9ec6570000 R15: ffff8e9ecb652000 FS: 0000000000000000(0000) GS:ffff8e9f22a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000400 CR3: 000000000d2ea000 CR4: 00000000000006f0 Seguimiento de llamadas: ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2f0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib] mt7921_queue_rx_skb+0x1c6/0xaa0 [mt7921_common] mt76u_alloc_queues+0x784/0x810 [mt76_usb] ? __pfx___mt76_worker_fn+0x10/0x10 [mt76] __mt76_worker_fn+0x4f/0x80 [mt76] kthread+0xd2/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 ---[ fin de seguimiento 0000000000000000 ]---"}], "lastModified": "2025-04-29T18:57:24.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84FFB34D-0456-4FA6-8C99-7208954FD3C5", "versionEndExcluding": "6.12.23", "versionStartIncluding": "6.12.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65ADC862-CEB2-4959-A2D4-7DAACFE00C8A", "versionEndExcluding": "6.13.11", "versionStartIncluding": "6.13.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FADAE5D8-4808-442C-B218-77B2CE8780A0", "versionEndExcluding": "6.14.2", "versionStartIncluding": "6.14"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}