CVE-2025-22032

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.12.13

Description A kernel panic is caused by a null pointer dereference in the mt792x rx get wcid function. The issue arises because the deflink structure is not properly initialized with the sta context. This patch ensures that the deflink structure is correctly linked to the sta context, preventing the null pointer dereference.

Recommendations For Linux kernel version prior to 6.12.13, update to version 6.12.13 or later to resolve the issue. As a temporary workaround, consider disabling the mt792x rx get wcid function until a patch is available. Restrict access to the mt76 module to minimize the risk of exploitation. Avoid using the sta context in the affected API endpoints until the issue is resolved.