Impact
A NULL pointer dereference occurs in the mt7925 WiFi driver when the variable vif is not initialized. This flaw can trigger a kernel panic, terminating system operation and leading to a denial‑of‑service condition. The weakness corresponds to CWE‑476 (Null Pointer Dereference).
Affected Systems
The affected product is the Linux kernel when it includes the mt76/mt7925 WiFi driver stack. No specific kernel release numbers are listed, so any kernel build that contains this driver without the patch is potentially vulnerable.
Risk and Exploitability
The EPSS score is < 1%. The CVSS score is 5.5, indicating moderate severity. The vulnerability is not listed in the CISA KEV catalog. The vulnerability allows an attacker to cause a critical crash through crafted WiFi traffic that exercises the uninitialized pointer. The likely attack vector is network‑layer exploits via malicious frames that trigger the missing initialization check. Because a single received packet can bring the system down, the flaw requires interaction with the driver, suggesting a local or network‑level attack rather than remote code execution.
OpenCVE Enrichment