CVE-2025-37748

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Currently, mtk_iommu calls during probe iommu_device_register before the hw_list from driver data is initialized. Since iommu probing issue fix, it leads to NULL pointer dereference in mtk_iommu_device_group when hw_list is accessed with list_first_entry (not null safe). So, change the call order to ensure iommu_device_register is called after the driver data are initialized.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2f75cb27bef43c8692b0f5e471e5632f6a9beb99	Patch
https://git.kernel.org/stable/c/38e8844005e6068f336a3ad45451a562a0040ca1	Patch
https://git.kernel.org/stable/c/69f9d2d37d1207c5a73dac52a4ce1361ead707f5	Patch
https://git.kernel.org/stable/c/6abd09bed43b8d83d461e0fb5b9a200a06aa8a27	Patch
https://git.kernel.org/stable/c/a0842539e8ef9386c070156103aff888e558a60c	Patch
https://git.kernel.org/stable/c/ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c	Patch
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html	Mailing List

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc1::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

04 Nov 2025, 18:07

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-476
First Time		Linux Debian Debian debian Linux Linux linux Kernel
CPE		cpe:2.3:o:linux:linux_kernel:6.15:rc1:::::: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/2f75cb27bef43c8692b0f5e471e5632f6a9beb99 -~~	() https://git.kernel.org/stable/c/2f75cb27bef43c8692b0f5e471e5632f6a9beb99 - Patch
References	~~() https://git.kernel.org/stable/c/38e8844005e6068f336a3ad45451a562a0040ca1 -~~	() https://git.kernel.org/stable/c/38e8844005e6068f336a3ad45451a562a0040ca1 - Patch
References	~~() https://git.kernel.org/stable/c/69f9d2d37d1207c5a73dac52a4ce1361ead707f5 -~~	() https://git.kernel.org/stable/c/69f9d2d37d1207c5a73dac52a4ce1361ead707f5 - Patch
References	~~() https://git.kernel.org/stable/c/6abd09bed43b8d83d461e0fb5b9a200a06aa8a27 -~~	() https://git.kernel.org/stable/c/6abd09bed43b8d83d461e0fb5b9a200a06aa8a27 - Patch
References	~~() https://git.kernel.org/stable/c/a0842539e8ef9386c070156103aff888e558a60c -~~	() https://git.kernel.org/stable/c/a0842539e8ef9386c070156103aff888e558a60c - Patch
References	~~() https://git.kernel.org/stable/c/ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c -~~	() https://git.kernel.org/stable/c/ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c - Patch
References	~~() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -~~	() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html - Mailing List

03 Nov 2025, 20:18

Type	Values Removed	Values Added
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/mediatek: Se ha corregido la deferencia de puntero nulo en mtk_iommu_device_group. Actualmente, mtk_iommu invoca durante el sondeo de iommu_device_register antes de que se inicialice hw_list de los datos del controlador. Desde la corrección del problema de sondeo de iommu, este provoca la desreferencia de puntero nulo en mtk_iommu_device_group cuando se accede a hw_list con list_first_entry (no es seguro para nulos). Por lo tanto, se debe modificar el orden de las llamadas para garantizar que iommu_device_register se invoque después de inicializar los datos del controlador.
References		() https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html -

01 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-01 13:15

Updated : 2025-11-04 18:07

NVD link : CVE-2025-37748

Mitre link : CVE-2025-37748

CVE.ORG link : CVE-2025-37748

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

CWE

CWE-476

NULL Pointer Dereference

5.5 /10