CVE-2025-38646

5.5 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's rtw89 WiFi driver allows a kernel panic when receiving malformed packets on unsupported 6 GHz bands. This affects Linux systems using Realtek rtw89 WiFi chips that don't support 6 GHz bands. The vulnerability can cause system crashes but doesn't allow arbitrary code execution.

💻 Affected Systems

Products:
  • Linux kernel with rtw89 WiFi driver
Versions: Linux kernel versions with vulnerable rtw89 driver code (specific versions not specified in CVE)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with Realtek rtw89 WiFi chips that don't support 6 GHz bands. Requires WiFi interface to be active and receiving packets.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot.

🟠 Likely Case

System crash when receiving specific malformed WiFi packets, causing temporary service disruption until reboot.

🟢 If Mitigated

No impact if patched or if system doesn't use rtw89 WiFi drivers.

🌐 Internet-Facing: LOW - Requires WiFi connectivity and specific malformed packets, not directly exploitable over internet.
🏢 Internal Only: MEDIUM - Internal attackers on same WiFi network could potentially craft packets to crash affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to send malformed WiFi packets to target system. No authentication needed but requires network proximity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commit 4b525630729082f026e7030eafccf89e3add7eae or later

Vendor Advisory: https://git.kernel.org/stable/c/4b525630729082f026e7030eafccf89e3add7eae

Restart Required: No

Instructions:

1. Update Linux kernel to version containing the fix commit.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel.
3. Rebuild kernel if compiling from source with patched code.

🔧 Temporary Workarounds

Disable rtw89 WiFi driver

Linux

Blacklist or disable the rtw89 kernel module to prevent loading

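echo 'blacklist rtw89_core' >> /etc/modprobe.d/blacklist-rtw89.conf
# blacklist alone does not stop rtw89_core loading as a dependency of a chip-specific module
echo 'install rtw89_core /bin/false' >> /etc/modprobe.d/blacklist-rtw89.conf
update-initramfs -u   # Debian/Ubuntu; other distributions rebuild the initramfs with their own tool
reboot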

Disable WiFi interface

Linux

Turn off WiFi to prevent receiving malicious packets

ip link set wlan0 down
rfkill block wifi

🧯 If You Can't Patch

  • Disable WiFi functionality on affected systems
  • Implement network segmentation to isolate WiFi traffic from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check if rtw89_core module is loaded: lsmod | grep rtw89_core. If loaded and kernel version is vulnerable, system is at risk.

Check Version:

uname -r

Verify Fix Applied:

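Check kernel version contains fix commit: grep -q '4b525630729082f026e7030eafccf89e3add7eae' /proc/version || uname -r. /proc/version holds the kernel's version string rather than a list of commits, so the grep normally finds nothing and the command prints uname -r; compare that version with the release in which your distribution ships the fix commit.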

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs mentioning rtw89_vif_rx_stats_iter
  • NULL pointer dereference at 0000000000000032
  • BUG: kernel NULL pointer dereference in rtw89_core

Network Indicators:

  • Unusual WiFi packet patterns targeting 6 GHz bands on non-6GHz hardware

SIEM Query:

event_source:kernel AND ((message:"NULL pointer dereference" AND message:"rtw89") OR (message:"BUG: kernel NULL pointer dereference" AND process:"rtw89"))
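
The log indicators above only mean something together, inside one oops report. The following added example (not part of the original advisory or the kernel project) correlates them over kernel log text; the 40-line window, the function names rtw89_oops_scan and sample_log, and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Reads kernel log text on stdin. Prints one line per oops whose header is
# "BUG: kernel NULL pointer dereference" and whose following lines (within
# `window` lines, default 40) name rtw89_vif_rx_stats_iter.
# Exit status: 0 if at least one such oops was found, 1 otherwise.
rtw89_oops_scan() {
    awk -v window="${1:-40}" '
        /BUG: kernel NULL pointer dereference/ {
            # A new oops header always restarts the correlation.
            start = NR; header = $0; next
        }
        start && NR - start <= window && /rtw89_vif_rx_stats_iter/ {
            printf "rtw89 NULL deref oops at line %d: %s\n", start, header
            hits++; start = 0
        }
        END { exit !hits }
    '
}

# Constructed sample input: an unrelated oops, a harmless rtw89 message,
# then an oops shaped like the indicators listed on this page.
# Timestamps, offsets and the "other_drv" module are made up.
sample_log() {
    cat <<'EOF'
[  100.000001] BUG: kernel NULL pointer dereference, address: 0000000000000008
[  100.000002] RIP: 0010:other_drv_poll+0x1c/0x90 [other_drv]
[  100.000003] Kernel panic - not syncing: Fatal exception
[  200.000001] rtw89_core: loaded firmware
[  300.000001] BUG: kernel NULL pointer dereference, address: 0000000000000032
[  300.000002] #PF: supervisor read access in kernel mode
[  300.000003] RIP: 0010:rtw89_vif_rx_stats_iter+0x0/0x0 [rtw89_core]
[  300.000004] Kernel panic - not syncing: Fatal exception in interrupt
EOF
}

# Demo on the constructed sample; on a live host use: dmesg | rtw89_oops_scan
sample_log | rtw89_oops_scan
```

On hosts that reboot after a panic, run the scan over the previous boot's kernel log (for example `journalctl -k -b -1`) rather than the current dmesg buffer.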
