Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-21750
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-27 Feb, 2025 | 02:12
Updated At-02 Jan, 2026 | 15:28
Rejected At-
▼CVE Numbering Authority (CNA)
wifi: brcmfmac: Check the return value of of_property_read_string_index()

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitialized, so we pass a random pointer to devm_kstrdup(). The crash I am getting looks like this: BUG: unable to handle page fault for address: 00007f033c669379 PF: supervisor read access in kernel mode PF: error_code(0x0001) - permissions violation PGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025 Oops: Oops: 0001 [#1] SMP PTI CPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1 Hardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024 RIP: 0010:strlen+0x4/0x30 Code: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <80> 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc RSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202 RAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001 RDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379 RBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a R10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8 R13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30 FS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x149/0x4c0 ? raw_spin_rq_lock_nested+0xe/0x20 ? sched_balance_newidle+0x22b/0x3c0 ? update_load_avg+0x78/0x770 ? exc_page_fault+0x6f/0x150 ? asm_exc_page_fault+0x26/0x30 ? __pfx_pci_conf1_write+0x10/0x10 ? strlen+0x4/0x30 devm_kstrdup+0x25/0x70 brcmf_of_probe+0x273/0x350 [brcmfmac]

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c
Default Status
unaffected
Versions
Affected
  • From 29e354ebeeecaee979e6fe22cd6272682d7552c9 before af525a8b2ab85291617e79a5bb18bcdcb529e80c (git)
  • From 29e354ebeeecaee979e6fe22cd6272682d7552c9 before c9480e9f2d10135476101619bcbd1c49c15d595f (git)
  • From 29e354ebeeecaee979e6fe22cd6272682d7552c9 before 7ef2ea1429684d5cef207519bdf6ce45e50e8ac5 (git)
  • From 29e354ebeeecaee979e6fe22cd6272682d7552c9 before bb8e35e33e79eb8e44396adbc8cb6c8c5f16b731 (git)
  • From 29e354ebeeecaee979e6fe22cd6272682d7552c9 before 082d9e263af8de68f0c34f67b251818205160f6e (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • drivers/net/wireless/broadcom/brcm80211/brcmfmac/of.c
Default Status
affected
Versions
Affected
  • 5.9
Unaffected
  • From 0 before 5.9 (semver)
  • From 6.1.129 through 6.1.* (semver)
  • From 6.6.78 through 6.6.* (semver)
  • From 6.12.14 through 6.12.* (semver)
  • From 6.13.3 through 6.13.* (semver)
  • From 6.14 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/af525a8b2ab85291617e79a5bb18bcdcb529e80c
N/A
https://git.kernel.org/stable/c/c9480e9f2d10135476101619bcbd1c49c15d595f
N/A
https://git.kernel.org/stable/c/7ef2ea1429684d5cef207519bdf6ce45e50e8ac5
N/A
https://git.kernel.org/stable/c/bb8e35e33e79eb8e44396adbc8cb6c8c5f16b731
N/A
https://git.kernel.org/stable/c/082d9e263af8de68f0c34f67b251818205160f6e
N/A
Hyperlink: https://git.kernel.org/stable/c/af525a8b2ab85291617e79a5bb18bcdcb529e80c
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/c9480e9f2d10135476101619bcbd1c49c15d595f
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/7ef2ea1429684d5cef207519bdf6ce45e50e8ac5
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/bb8e35e33e79eb8e44396adbc8cb6c8c5f16b731
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/082d9e263af8de68f0c34f67b251818205160f6e
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html
Resource: N/A
Details not found