CVE-2024-57989

5.5 MEDIUM

📋 TL;DR

This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's MediaTek MT7925 WiFi driver. When the mt7925_change_vif_links() function fails to allocate memory, the resulting NULL pointer dereference can cause a kernel panic or system crash. This affects Linux systems using MediaTek MT7925 WiFi hardware.

💻 Affected Systems

Products:
  • Linux kernel with MediaTek MT7925 WiFi driver
Versions: Linux kernel versions containing vulnerable mt76 driver code before fixes in stable commits
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with MediaTek MT7925 WiFi hardware. The vulnerability is triggered during WiFi interface configuration changes.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, potentially requiring physical reboot.

🟠 Likely Case

System instability or crash when specific WiFi configuration changes are attempted.

🟢 If Mitigated

Minor system disruption if kernel panic handlers properly recover.

🌐 Internet-Facing: LOW - Requires local access to trigger the vulnerable code path.
🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability, causing system instability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger WiFi interface configuration changes. No public exploits known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Linux kernel stable commits: 2f709fe755c16b811ba7339ae4c3ee2c72323d3d, 5872530c2862700070223a2c2ea85642bf2f8875, 5cd0bd815c8a48862a296df9b30e0ea0da14acd3

Vendor Advisory: https://git.kernel.org/stable/c/2f709fe755c16b811ba7339ae4c3ee2c72323d3d

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Rebuild kernel if compiling from source.
3. Reboot system to load patched kernel.

🔧 Temporary Workarounds

Disable MT7925 WiFi interface (Linux)

Prevent use of the vulnerable WiFi hardware to avoid triggering the bug. Replace wlan0 with the name of the MT7925 interface on the system.

sudo ip link set wlan0 down
sudo modprobe -r mt7925e

🧯 If You Can't Patch

  • Restrict local user access to prevent WiFi configuration changes
  • Monitor system logs for kernel panic events related to WiFi operations

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether MT7925 WiFi hardware is present:

lspci | grep -i mediatek && uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits and test WiFi interface configuration changes

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages
  • NULL pointer dereference errors in dmesg
  • WiFi driver crash logs

Network Indicators:

  • Sudden WiFi interface disappearance
  • Unexpected network disconnections

SIEM Query:

source="kernel" AND ("NULL pointer" OR "kernel panic" OR "mt7925")
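
The query above matches any kernel line that mentions mt7925, including routine driver messages. As an added example (not part of the advisory or the kernel project), the script below counts only NULL pointer oopses whose trace contains an mt7925 frame. The function names, the WINDOW value, the module name in the sample and all sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): count kernel NULL-pointer oopses
# whose trace mentions mt7925, ignoring unrelated mt7925 log lines.
# Usage: journalctl -k --no-pager | mt7925_oops_count
WINDOW=${WINDOW:-40}   # assumed search depth, in lines, after an oops header

# Reads kernel log text on stdin; prints the number of correlated oopses.
mt7925_oops_count() {
    awk -v window="$WINDOW" '
        # Oops header as worded on x86 and on arm64.
        /(BUG: kernel|Unable to handle kernel) NULL pointer dereference/ {
            remaining = window          # open a search window
            next
        }
        # The end-of-trace marker closes the window for this oops.
        /---\[ end trace/ { remaining = 0; next }
        # The module list names every loaded module, so it is not evidence.
        /Modules linked in:/ { next }
        remaining > 0 {
            remaining--
            if ($0 ~ /mt7925/) {        # driver symbol or module in the trace
                hits++
                remaining = 0           # count each oops once
            }
        }
        END { print hits + 0 }
    '
}

# Constructed sample log: one unrelated oops, one oops in the mt7925 path,
# and informational mt7925 lines that must not be counted.
sample_log() {
    cat <<'EOF'
[   10.000001] mt7925e 0000:01:00.0: constructed informational line
[   20.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   20.000002] Call Trace:
[   20.000003]  constructed_other_function+0x10/0x20 [constructed_module]
[   20.000004] Modules linked in: constructed_module mt7925e mt7925_common
[   20.000005] ---[ end trace 0000000000000000 ]---
[   25.000001] mt7925e 0000:01:00.0: constructed informational line
[   30.000001] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   30.000002] Call Trace:
[   30.000003]  mt7925_change_vif_links+0x1a/0x2b0 [mt7925_common]
[   30.000004] ---[ end trace 0000000000000000 ]---
EOF
}

sample_log | mt7925_oops_count   # prints 1
```

A non-zero count on an unpatched kernel is a reason to prioritise the update; the unrelated oops in the sample shows why the "Modules linked in" line has to be excluded from the match.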
