{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38123","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.986Z","datePublished":"2025-07-03T08:35:29.312Z","dateUpdated":"2026-05-11T21:21:42.031Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:21:42.031Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: Fix napi rx poll issue\n\nWhen driver handles the napi rx polling requests, the netdev might\nhave been released by the dellink logic triggered by the disconnect\noperation on user plane. However, in the logic of processing skb in\npolling, an invalid netdev is still being used, which causes a panic.\n\nBUG: kernel NULL pointer dereference, address: 00000000000000f1\nOops: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:dev_gro_receive+0x3a/0x620\n[...]\nCall Trace:\n <IRQ>\n ? __die_body+0x68/0xb0\n ? page_fault_oops+0x379/0x3e0\n ? exc_page_fault+0x4f/0xa0\n ? asm_exc_page_fault+0x22/0x30\n ? __pfx_t7xx_ccmni_recv_skb+0x10/0x10 [mtk_t7xx (HASH:1400 7)]\n ? dev_gro_receive+0x3a/0x620\n napi_gro_receive+0xad/0x170\n t7xx_ccmni_recv_skb+0x48/0x70 [mtk_t7xx (HASH:1400 7)]\n t7xx_dpmaif_napi_rx_poll+0x590/0x800 [mtk_t7xx (HASH:1400 7)]\n net_rx_action+0x103/0x470\n irq_exit_rcu+0x13a/0x310\n sysvec_apic_timer_interrupt+0x56/0x90\n </IRQ>"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wwan/t7xx/t7xx_netdev.c"],"versions":[{"version":"5545b7b9f294de7f95ec6a7cb1de0db52296001c","lessThan":"cc89f457d9133a558d4e8ef26dc20843c2d12073","status":"affected","versionType":"git"},{"version":"5545b7b9f294de7f95ec6a7cb1de0db52296001c","lessThan":"e2df04e69c3f10b412f54be036dd0ed3b14756cf","status":"affected","versionType":"git"},{"version":"5545b7b9f294de7f95ec6a7cb1de0db52296001c","lessThan":"66542e9430c625f878a5b5dc0fe41e3458d614bf","status":"affected","versionType":"git"},{"version":"5545b7b9f294de7f95ec6a7cb1de0db52296001c","lessThan":"905fe0845bb27e4eed2ca27ea06e6c4847f1b2b1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wwan/t7xx/t7xx_netdev.c"],"versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","status":"unaffected","versionType":"semver"},{"version":"6.6.94","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.34","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.3","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.6.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.12.34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.15.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/cc89f457d9133a558d4e8ef26dc20843c2d12073"},{"url":"https://git.kernel.org/stable/c/e2df04e69c3f10b412f54be036dd0ed3b14756cf"},{"url":"https://git.kernel.org/stable/c/66542e9430c625f878a5b5dc0fe41e3458d614bf"},{"url":"https://git.kernel.org/stable/c/905fe0845bb27e4eed2ca27ea06e6c4847f1b2b1"}],"title":"net: wwan: t7xx: Fix napi rx poll issue","x_generator":{"engine":"bippy-1.2.0"}}}}