github - ghsa-8r3f-48gc-phmq

ghsa-8r3f-48gc-phmq

Vulnerability from github

Published

2025-10-28 12:30

Modified

2025-10-28 12:30

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links()

In order to avoid a possible NULL pointer dereference in mt7996_mac_sta_init_link routine, move the phy pointer check before running mt7996_mac_sta_init_link() in mt7996_mac_sta_add_links routine.

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-40066"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-28T12:15:41Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links()\n\nIn order to avoid a possible NULL pointer dereference in\nmt7996_mac_sta_init_link routine, move the phy pointer check before\nrunning mt7996_mac_sta_init_link() in mt7996_mac_sta_add_links routine.",
  "id": "GHSA-8r3f-48gc-phmq",
  "modified": "2025-10-28T12:30:17Z",
  "published": "2025-10-28T12:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40066"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e671536c1c3c7bcad95d408a4ab42e2e54d1882"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fe5fffadc6c77c56f122cf1042dc830f59e904bf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2025-40066 (GCVE-0-2025-40066)

Vulnerability from cvelistv5

Published

2025-10-28 11:48

Modified

2025-10-28 11:48

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links() In order to avoid a possible NULL pointer dereference in mt7996_mac_sta_init_link routine, move the phy pointer check before running mt7996_mac_sta_init_link() in mt7996_mac_sta_add_links routine.

References

URL

Tags

	https://git.kernel.org/stable/c/2e671536c1c3c7bcad95d408a4ab42e2e54d1882
	https://git.kernel.org/stable/c/fe5fffadc6c77c56f122cf1042dc830f59e904bf

Impacted products

Vendor

Product

Version

Version: dd82a9e02c054052b5899872c1f32805428f6131
Version: dd82a9e02c054052b5899872c1f32805428f6131

Version: 6.15

Show details on NVD website

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/mediatek/mt76/mt7996/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2e671536c1c3c7bcad95d408a4ab42e2e54d1882",
              "status": "affected",
              "version": "dd82a9e02c054052b5899872c1f32805428f6131",
              "versionType": "git"
            },
            {
              "lessThan": "fe5fffadc6c77c56f122cf1042dc830f59e904bf",
              "status": "affected",
              "version": "dd82a9e02c054052b5899872c1f32805428f6131",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/mediatek/mt76/mt7996/main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.3",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18-rc1",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links()\n\nIn order to avoid a possible NULL pointer dereference in\nmt7996_mac_sta_init_link routine, move the phy pointer check before\nrunning mt7996_mac_sta_init_link() in mt7996_mac_sta_add_links routine."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-28T11:48:36.438Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2e671536c1c3c7bcad95d408a4ab42e2e54d1882"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe5fffadc6c77c56f122cf1042dc830f59e904bf"
        }
      ],
      "title": "wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40066",
    "datePublished": "2025-10-28T11:48:36.438Z",
    "dateReserved": "2025-04-16T07:20:57.159Z",
    "dateUpdated": "2025-10-28T11:48:36.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.