{"id":"CVE-2025-22032","summary":"wifi: mt76: mt7921: fix kernel panic due to null pointer dereference","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix kernel panic due to null pointer dereference\n\nAddress a kernel panic caused by a null pointer dereference in the\n`mt792x_rx_get_wcid` function. The issue arises because the `deflink` structure\nis not properly initialized with the `sta` context. This patch ensures that the\n`deflink` structure is correctly linked to the `sta` context, preventing the\nnull pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000400\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 0 UID: 0 PID: 470 Comm: mt76-usb-rx phy Not tainted 6.12.13-gentoo-dist #1\n Hardware name:  /AMD HUDSON-M1, BIOS 4.6.4 11/15/2011\n RIP: 0010:mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib]\n RSP: 0018:ffffa147c055fd98 EFLAGS: 00010202\n RAX: 0000000000000000 RBX: ffff8e9ecb652000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8e9ecb652000\n RBP: 0000000000000685 R08: ffff8e9ec6570000 R09: 0000000000000000\n R10: ffff8e9ecd2ca000 R11: ffff8e9f22a217c0 R12: 0000000038010119\n R13: 0000000080843801 R14: ffff8e9ec6570000 R15: ffff8e9ecb652000\n FS:  0000000000000000(0000) GS:ffff8e9f22a00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000400 CR3: 000000000d2ea000 CR4: 00000000000006f0\n Call Trace:\n  \u003cTASK\u003e\n  ? __die_body.cold+0x19/0x27\n  ? page_fault_oops+0x15a/0x2f0\n  ? search_module_extables+0x19/0x60\n  ? search_bpf_extables+0x5f/0x80\n  ? exc_page_fault+0x7e/0x180\n  ? asm_exc_page_fault+0x26/0x30\n  ? mt792x_rx_get_wcid+0x48/0x140 [mt792x_lib]\n  mt7921_queue_rx_skb+0x1c6/0xaa0 [mt7921_common]\n  mt76u_alloc_queues+0x784/0x810 [mt76_usb]\n  ? __pfx___mt76_worker_fn+0x10/0x10 [mt76]\n  __mt76_worker_fn+0x4f/0x80 [mt76]\n  kthread+0xd2/0x100\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x34/0x50\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---","modified":"2026-03-20T12:41:17.766807Z","published":"2025-04-16T14:11:52.044Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22032.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0cfea60966e4b1239d20bebf02258295e189e82a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5a57f8eb2a17d469d65cd1186cea26b798221d4a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/adc3fd2a2277b7cc0b61692463771bf9bd298036"},{"type":"WEB","url":"https://git.kernel.org/stable/c/effec50381991bc067acf4b3351a57831c74d27f"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/22xxx/CVE-2025-22032.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-22032"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3fe7acc6f4b42ccb1056c5847f18f8eb2fec0834"},{"fixed":"0cfea60966e4b1239d20bebf02258295e189e82a"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c9e40880416791287292046917e84bcb3a17e2d2"},{"fixed":"effec50381991bc067acf4b3351a57831c74d27f"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"90c10286b176421068b136da51ed83059a68e322"},{"fixed":"5a57f8eb2a17d469d65cd1186cea26b798221d4a"},{"fixed":"adc3fd2a2277b7cc0b61692463771bf9bd298036"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22032.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}