2406732 – (CVE-2025-40066) CVE-2025-40066 kernel: wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links()

Bug 2406732 (CVE-2025-40066) - CVE-2025-40066 kernel: wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links()

Summary: CVE-2025-40066 kernel: wifi: mt76: mt7996: Check phy before init msta_link in...

Keywords:
Status:	NEW
Alias:	CVE-2025-40066
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-28 12:02 UTC by OSIDB Bzimport
Modified:	2025-12-01 07:29 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-28 12:02:23 UTC

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links()

In order to avoid a possible NULL pointer dereference in
mt7996_mac_sta_init_link routine, move the phy pointer check before
running mt7996_mac_sta_init_link() in mt7996_mac_sta_add_links routine.

Comment 1 Jon Moroney 2025-10-28 19:20:51 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025102817-CVE-2025-40066-02f5@gregkh/T

Comment 3 Octavia 2025-12-01 07:29:30 UTC

I've been following the mt76 line and this bug appears to be pretty consistent with real world usage. If you have a mt7996 in a multi-device environment, you should check the logs to see if the https://stealbrainrotgame.com/ dereference error occurred before the patch. The way they moved the phy check seems small, but it helps the driver to be more stable.

Note You need to log in before you can comment on or make changes to this bug.