Impact
A null pointer dereference occurs in the wireless driver function mt7925_tx_check_aggr() when the variable 'sta' is not checked before use. The resulting kernel crash can terminate the wireless subsystem and potentially reboot the system, causing a denial of service. This weakness is a classic null pointer dereference flaw that can be exploited by an attacker who can influence driver input or network traffic to trigger the bug.
Affected Systems
The flaw affects Linux kernel installations that include the mt76 wireless driver, specifically the mt7925 variant. The affected environments are generic Linux distributions using the standard kernel and driver stack; no specific vendor versions are listed. System administrators should verify that their kernel packages contain the latest commit references in the provided URLs.
Risk and Exploitability
No public exploitation exploits or KEV listings are available for this issue, and the EPSS score is < 1%. Based on the description, the weakest attack vector is a local or privileged network attacker who can send crafted frames that reach the function in question. The resulting crash does not lead to arbitrary code execution, but an attacker can disrupt availability. The CVSS score of 5.5 indicates a moderate risk, and the severity remains primarily a denial‑of‑service concern rather than a privilege escalation or code execution risk.
OpenCVE Enrichment