PT-2025-49450 · Linux+3 · Linux Kernel+3

Published 2025-12-08 · Updated 2026-05-07 · CVE-2025-40321

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel's brcmfmac driver contains a flaw related to handling Action frames in standalone Access Point (AP) mode. Specifically, when hostapd manages the WLAN interface, the driver attempts to use an uninitialized P2P vif pointer when transmitting Action frames, leading to a NULL pointer dereference and driver crash. The issue arises because the driver always uses the P2P vif to send Action frames, even when P2P interfaces are not initialized. The fix involves ensuring the driver uses the vif corresponding to the wdev on which the Action frame transmission request was initiated. Additionally, the initialization of the send_af_done completion is moved to brcmf_p2p_attach() and an unnecessary condition check in brcmf_p2p_tx_action_frame() is removed.
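
The vif selection flaw described above, reduced to a userspace C model as an added example (this is not the kernel's code; every struct and function name in it is a hypothetical stand-in, and the model reports the NULL vif instead of crashing):

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace model; all names are hypothetical, not kernel code. */
struct vif { const char *ifname; int tx_count; };
struct wdev { struct vif *vif; };              /* wireless device owning a vif */
struct p2p_info { struct vif *p2p_dev_vif; };  /* NULL until P2P is initialized */

/* Before the fix: always pick the P2P vif, whichever wdev made the request. */
static struct vif *select_vif_before(struct p2p_info *p2p, struct wdev *wdev)
{
    (void)wdev;
    return p2p->p2p_dev_vif;
}

/* After the fix: pick the vif that belongs to the requesting wdev. */
static struct vif *select_vif_after(struct p2p_info *p2p, struct wdev *wdev)
{
    (void)p2p;
    return wdev->vif;
}

typedef struct vif *(*select_fn)(struct p2p_info *, struct wdev *);

/* Returns 0 on success, -1 where the driver would have dereferenced NULL. */
static int tx_action_frame(select_fn select, struct p2p_info *p2p,
                           struct wdev *wdev)
{
    struct vif *vif = select(p2p, wdev);
    if (vif == NULL)
        return -1;      /* the model reports it; the driver crashed here */
    vif->tx_count++;
    return 0;
}

/* Standalone AP scenario: hostapd owns wlan0 and no P2P interface exists. */
static int run_ap_scenario(select_fn select)
{
    struct vif ap_vif = { "wlan0", 0 };
    struct wdev ap_wdev = { &ap_vif };
    struct p2p_info p2p = { NULL };
    int rc = tx_action_frame(select, &p2p, &ap_wdev);
    return rc == 0 ? ap_vif.tx_count : rc;  /* frames sent, or -1 */
}

int main(void)
{
    printf("before fix: %d\n", run_ap_scenario(select_vif_before));
    printf("after fix:  %d\n", run_ap_scenario(select_vif_after));
    return 0;
}
```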

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2025-40321
DLA-4404-1
ECHO-CCED-DE0D-077D
MGASA-2026-0017
MGASA-2026-0018
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0278-1
SUSE-SU-2026:0281-1
SUSE-SU-2026:0293-1
SUSE-SU-2026:0315-1
SUSE-SU-2026:0316-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8096-1
USN-8096-2
USN-8096-3
USN-8096-4
USN-8096-5
USN-8100-1
USN-8116-1
USN-8125-1
USN-8126-1
USN-8141-1
USN-8163-1
USN-8163-2
USN-8165-1
USN-8243-1
USN-8261-1

Affected Products

Debian
Linux Mint
Linux Kernel
Ubuntu