PT-2025-33802 · Realtek+6 · Rtl818X+7
Published: 2025-06-17 · Updated: 2026-04-20
CVE-2025-38604
CVSS v2.0: 5.7 (Medium)
| Vector | AV:L/AC:L/Au:S/C:P/I:P/A:C |
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
A flaw exists in the Linux kernel's Wi-Fi driver for rtl818x devices. Specifically, the issue involves the order of operations during the rtl8187 stop() function. Failing to kill URBs (USB requests) before clearing the transmit status queue can lead to callbacks operating on already freed memory, resulting in a kernel NULL pointer dereference. This can cause a system crash. The vulnerability was discovered through testing on an RTL8187BvE device using SVACE by the Linux Verification Center.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
NULL Pointer Dereference
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Rtl8187Bve
Red Os
Suse
Ubuntu
Rtl818X