{"id":"CVE-2025-37748","summary":"iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group","details":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group\n\nCurrently, mtk_iommu calls during probe iommu_device_register before\nthe hw_list from driver data is initialized. Since iommu probing issue\nfix, it leads to NULL pointer dereference in mtk_iommu_device_group when\nhw_list is accessed with list_first_entry (not null safe).\n\nSo, change the call order to ensure iommu_device_register is called\nafter the driver data are initialized.","modified":"2026-03-20T12:42:24.571447Z","published":"2025-05-01T12:55:54.660Z","related":["SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01965-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:01972-1","SUSE-SU-2025:02000-1","SUSE-SU-2025:20408-1","SUSE-SU-2025:20413-1","SUSE-SU-2025:20419-1","SUSE-SU-2025:20421-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37748.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2f75cb27bef43c8692b0f5e471e5632f6a9beb99"},{"type":"WEB","url":"https://git.kernel.org/stable/c/38e8844005e6068f336a3ad45451a562a0040ca1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/69f9d2d37d1207c5a73dac52a4ce1361ead707f5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6abd09bed43b8d83d461e0fb5b9a200a06aa8a27"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a0842539e8ef9386c070156103aff888e558a60c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37748.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-37748"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9e3a2a64365318a743e3c0b028952d2cdbaf2b0c"},{"fixed":"2f75cb27bef43c8692b0f5e471e5632f6a9beb99"},{"fixed":"6abd09bed43b8d83d461e0fb5b9a200a06aa8a27"},{"fixed":"a0842539e8ef9386c070156103aff888e558a60c"},{"fixed":"ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c"},{"fixed":"69f9d2d37d1207c5a73dac52a4ce1361ead707f5"},{"fixed":"38e8844005e6068f336a3ad45451a562a0040ca1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37748.json"}}],"schema_version":"1.7.5"}