exploitDog

BDU:2025-11348

Published: 16 Aug 2025
Source: fstec
CVSS3: 5.5
CVSS2: 4.6
EPSS: Low

Description

A vulnerability in the zd_mac_tx_to_dev() function (drivers/net/wireless/zydas/zd1211rw/zd_mac.c) of the Linux kernel is caused by pointer dereference errors. Exploitation of the vulnerability may allow an attacker to cause a denial of service.

Vendor

Canonical Ltd.
Novell Inc.
Free software community
АО «ИВК»
АО "НППКТ"

Software name

Ubuntu
Suse Linux Enterprise Desktop
SUSE Linux Enterprise Server for SAP Applications
OpenSUSE Leap
SUSE Linux Enterprise Module for Basesystem
SUSE Linux Enterprise Module for Development Tools
SUSE Linux Enterprise Live Patching
Suse Linux Enterprise Server
SUSE Enterprise Storage
SUSE OpenStack Cloud
SUSE Linux Enterprise High Performance Computing
SUSE CaaS Platform
SUSE Manager Proxy
SUSE Manager Retail Branch Server
SUSE Manager Server
Debian GNU/Linux
SUSE Linux Enterprise Micro
Альт 8 СП
SUSE Linux Enterprise Real Time
SUSE Real Time Module
Linux
ОСОН ОСнова Оnyx

Software version

16.04 LTS (Ubuntu)
18.04 LTS (Ubuntu)
12 SP4 (Suse Linux Enterprise Desktop)
12 SP4 (SUSE Linux Enterprise Server for SAP Applications)
15.5 (OpenSUSE Leap)
15 (SUSE Linux Enterprise Module for Basesystem)
15 SP1 (SUSE Linux Enterprise Module for Basesystem)
15 (SUSE Linux Enterprise Module for Development Tools)
15 SP1 (SUSE Linux Enterprise Module for Development Tools)
12 SP3 (SUSE Linux Enterprise Live Patching)
12 SP4 (SUSE Linux Enterprise Live Patching)
15 (SUSE Linux Enterprise Server for SAP Applications)
15 SP1 (SUSE Linux Enterprise Server for SAP Applications)
12 SP5 (Suse Linux Enterprise Server)
6 (SUSE Enterprise Storage)
9 (SUSE OpenStack Cloud)
12 SP5 (SUSE Linux Enterprise Live Patching)
15-ESPOS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (SUSE Linux Enterprise High Performance Computing)
15-LTSS (Suse Linux Enterprise Server)
Crowbar 9 (SUSE OpenStack Cloud)
15 SP2 (SUSE Linux Enterprise Module for Basesystem)
20.04 LTS (Ubuntu)
15 SP2 (SUSE Linux Enterprise Module for Development Tools)
4.0 (SUSE CaaS Platform)
15 SP1-BCL (Suse Linux Enterprise Server)
15 SP1-LTSS (Suse Linux Enterprise Server)
15 SP1-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP1-ESPOS (SUSE Linux Enterprise High Performance Computing)
4.0 (SUSE Manager Proxy)
4.0 (SUSE Manager Retail Branch Server)
4.0 (SUSE Manager Server)
15 SP3 (SUSE Linux Enterprise Module for Basesystem)
15.3 (OpenSUSE Leap)
15 SP1 (Suse Linux Enterprise Server)
11 (Debian GNU/Linux)
15.4 (OpenSUSE Leap)
15 SP3 (SUSE Linux Enterprise High Performance Computing)
15 SP3 (Suse Linux Enterprise Server)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
4.2 (SUSE Manager Proxy)
4.2 (SUSE Manager Server)
15 SP3 (Suse Linux Enterprise Desktop)
15 SP2 (Suse Linux Enterprise Server)
15 SP2 (SUSE Linux Enterprise Server for SAP Applications)
4.1 (SUSE Manager Server)
4.1 (SUSE Manager Proxy)
15 SP2-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP2-LTSS (SUSE Linux Enterprise High Performance Computing)
5.0 (SUSE Linux Enterprise Micro)
5.1 (SUSE Linux Enterprise Micro)
15 SP3 (SUSE Linux Enterprise Module for Development Tools)
4.1 (SUSE Manager Retail Branch Server)
- (Альт 8 СП)
15 SP4 (Suse Linux Enterprise Server)
15 SP2 (Suse Linux Enterprise Desktop)
15 SP2 (SUSE Linux Enterprise High Performance Computing)
15 SP4 (Suse Linux Enterprise Desktop)
15 (Suse Linux Enterprise Server)
15 SP2-BCL (Suse Linux Enterprise Server)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
4.2 (SUSE Manager Retail Branch Server)
5.2 (SUSE Linux Enterprise Micro)
22.04 LTS (Ubuntu)
15 SP2-LTSS (Suse Linux Enterprise Server)
15 SP2 (SUSE Linux Enterprise Real Time)
4.3 (SUSE Manager Retail Branch Server)
4.3 (SUSE Manager Proxy)
4.3 (SUSE Manager Server)
15 SP1 (Suse Linux Enterprise Desktop)
15 (Suse Linux Enterprise Desktop)
7.1 (SUSE Enterprise Storage)
15 SP4 (SUSE Linux Enterprise Module for Basesystem)
15 SP4 (SUSE Linux Enterprise Module for Development Tools)
15 (SUSE Linux Enterprise High Performance Computing)
15 SP1 (SUSE Linux Enterprise High Performance Computing)
5.3 (SUSE Linux Enterprise Micro)
15 SP3-LTSS (Suse Linux Enterprise Server)
15 SP3-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP3 (SUSE Linux Enterprise Real Time)
15 SP3-BCL (Suse Linux Enterprise Server)
15 SP5 (SUSE Linux Enterprise Server for SAP Applications)
15 SP5 (Suse Linux Enterprise Server)
15 SP5 (Suse Linux Enterprise Desktop)
15 SP5 (SUSE Linux Enterprise High Performance Computing)
15 SP5 (SUSE Linux Enterprise Module for Basesystem)
15 SP5 (SUSE Linux Enterprise Module for Development Tools)
15 SP4 (SUSE Linux Enterprise Real Time)
15 SP5 (SUSE Linux Enterprise Real Time)
5.4 (SUSE Linux Enterprise Micro)
15 SP5 (SUSE Linux Enterprise Live Patching)
5.5 (SUSE Linux Enterprise Micro)
15 SP4-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP4-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP4-LTSS (Suse Linux Enterprise Server)
15 SP5 (SUSE Real Time Module)
15 SP4 (SUSE Real Time Module)
24.04 LTS (Ubuntu)
12 SP5 LTSS Extended Security (Suse Linux Enterprise Server)
15 SP5-LTSS (Suse Linux Enterprise Server)
15 SP5-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP5-ESPOS (SUSE Linux Enterprise High Performance Computing)
25.04 (Ubuntu)
15 SP3 (SUSE Real Time Module)
from 6.16 to 6.16 rc1 (Linux)
LTS 4.3 (SUSE Manager Proxy)
LTS 4.3 (SUSE Manager Retail Branch Server)
LTS 4.3 (SUSE Manager Server)
up to 6.16 rc6 (Linux)
from 5.10.0 to 5.10.240 (Linux)
from 6.15.0 to 6.15.7 (Linux)
from 6.1.0 to 6.1.146 (Linux)
from 6.12.0 to 6.12.39 (Linux)
from 6.6.0 to 6.6.99 (Linux)
from 5.15.0 to 5.15.189 (Linux)
from 2.6.25 to 5.4.296 (Linux)
up to 2.14 (ОСОН ОСнова Оnyx)

Software type

Operating system
Application software for information systems
Network tool

Operating systems and hardware platforms

Canonical Ltd. Ubuntu 16.04 LTS
Canonical Ltd. Ubuntu 18.04 LTS
Novell Inc. Suse Linux Enterprise Desktop 12 SP4
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4
Novell Inc. OpenSUSE Leap 15.5
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1
Novell Inc. Suse Linux Enterprise Server 12 SP5
Novell Inc. Suse Linux Enterprise Server 15-LTSS
Canonical Ltd. Ubuntu 20.04 LTS
Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL
Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS
Novell Inc. OpenSUSE Leap 15.3
Novell Inc. Suse Linux Enterprise Server 15 SP1
Free software community Debian GNU/Linux 11
Novell Inc. OpenSUSE Leap 15.4
Novell Inc. Suse Linux Enterprise Server 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. Suse Linux Enterprise Desktop 15 SP3
Novell Inc. Suse Linux Enterprise Server 15 SP2
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2
АО «ИВК» Альт 8 СП -
Novell Inc. Suse Linux Enterprise Server 15 SP4
Novell Inc. Suse Linux Enterprise Desktop 15 SP2
Novell Inc. Suse Linux Enterprise Desktop 15 SP4
Novell Inc. Suse Linux Enterprise Server 15
Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Canonical Ltd. Ubuntu 22.04 LTS
Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS
Novell Inc. SUSE Linux Enterprise Real Time 15 SP2
Novell Inc. Suse Linux Enterprise Desktop 15 SP1
Novell Inc. Suse Linux Enterprise Desktop 15
Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS
Novell Inc. SUSE Linux Enterprise Real Time 15 SP3
Novell Inc. Suse Linux Enterprise Server 15 SP3-BCL
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP5
Novell Inc. Suse Linux Enterprise Desktop 15 SP5
Novell Inc. SUSE Linux Enterprise Real Time 15 SP4
Novell Inc. SUSE Linux Enterprise Real Time 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS
Canonical Ltd. Ubuntu 24.04 LTS
Novell Inc. Suse Linux Enterprise Server 12 SP5 LTSS Extended Security
Novell Inc. Suse Linux Enterprise Server 15 SP5-LTSS
Canonical Ltd. Ubuntu 25.04
Free software community Linux from 6.16 to 6.16 rc1
Free software community Linux up to 6.16 rc6
Free software community Linux from 5.10.0 to 5.10.240
Free software community Linux from 6.15.0 to 6.15.7
Free software community Linux from 6.1.0 to 6.1.146
Free software community Linux from 6.12.0 to 6.12.39
Free software community Linux from 6.6.0 to 6.6.99
Free software community Linux from 5.15.0 to 5.15.189
Free software community Linux from 2.6.25 to 5.4.296
АО "НППКТ" ОСОН ОСнова Оnyx up to 2.14

Vulnerability severity level

Medium severity (CVSS 2.0 base score is 4.6)
Medium severity (CVSS 3.1 base score is 5.5)
Medium severity (CVSS 4.0 score is 6.8)

Possible measures to remediate the vulnerability

If no security updates are available from the vendor, it is recommended to follow the "Recommendations for the secure configuration of LINUX operating systems" set out in the FSTEC of Russia guidance document approved on 25 December 2022.
Use of recommendations:
For Linux:
https://git.kernel.org/stable/c/014c34dc132015c4f918ada4982e952947ac1047
https://git.kernel.org/stable/c/5420de65efbeb6503bcf1d43451c9df67ad60298
https://git.kernel.org/stable/c/602b4eb2f25668de15de69860ec99caf65b3684d
https://git.kernel.org/stable/c/74b1ec9f5d627d2bdd5e5b6f3f81c23317657023
https://git.kernel.org/stable/c/adf08c96b963c7cd7ec1ee1c0c556228d9bedaae
https://git.kernel.org/stable/c/b24f65c184540dfb967479320ecf7e8c2e9220dc
https://git.kernel.org/stable/c/c1958270de947604cc6de05fc96dbba256b49cf0
https://git.kernel.org/stable/c/fcd9c923b58e86501450b9b442ccc7ce4a8d0fda
For Ubuntu:
https://ubuntu.com/security/CVE-2025-38513
For Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2025-38513
For Novell Inc. software products:
https://www.suse.com/security/cve/CVE-2025-38513.html
For Альт 8 СП: install the update from the software's public repository: https://altsp.su/obnovleniya-bezopasnosti/
Update the linux software to version 6.6.108-0.osnova2u1

Vulnerability status

Confirmed by the vendor

Exploit availability

Information is being verified

Remediation information

Vulnerability remediated

Identifiers in other vulnerability description systems

EPSS

Percentile: 10%
0.00036
Low

CVSS3: 5.5 Medium

CVSS2: 4.6 Medium

Related vulnerabilities

ubuntu
3 months ago

In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible: T0 T1 zd_mac_tx_to_dev() /* len == skb_queue_len(q) */ while (len > ZD_MAC_MAX_ACK_WAITERS) { filter_ack() spin_lock_irqsave(&q->lock, flags); /* position == skb_queue_len(q) */ for (i=1; i<position; i++) skb = __skb_dequeue(q) if (mac->type == NL80211_IFTYPE_AP) skb = __skb_dequeue(q); spin_unlock_irqrestore(&q->lock, flags); skb_dequeue() -> NULL Since there is a small gap between checking skb queue length and skb being unconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL. Then the pointer is passed to zd_mac_tx_status() where it is dereferenced. In order to avoid potential NULL pointer dereference due to situations like above, check if skb is not NULL before passing it to zd_mac_tx_status(). Found ...

CVSS3: 5.5
redhat
3 months ago

In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible: T0 T1 zd_mac_tx_to_dev() /* len == skb_queue_len(q) */ while (len > ZD_MAC_MAX_ACK_WAITERS) { filter_ack() spin_lock_irqsave(&q->lock, flags); /* position == skb_queue_len(q) */ for (i=1; i<position; i++) skb = __skb_dequeue(q) if (mac->type == NL80211_IFTYPE_AP) skb = __skb_dequeue(q); spin_unlock_irqrestore(&q->lock, flags); skb_dequeue() -> NULL Since there is a small gap between checking skb queue length and skb being unconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL. Then the pointer is passed to zd_mac_tx_status() where it is dereferenced. In order to avoid potential NULL pointer dereference due to situations like above, check if skb is not NULL before passing it to zd_mac_tx_status(). Found by Li...

nvd
3 months ago

In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible: T0 T1 zd_mac_tx_to_dev() /* len == skb_queue_len(q) */ while (len > ZD_MAC_MAX_ACK_WAITERS) { filter_ack() spin_lock_irqsave(&q->lock, flags); /* position == skb_queue_len(q) */ for (i=1; i<position; i++) skb = __skb_dequeue(q) if (mac->type == NL80211_IFTYPE_AP) skb = __skb_dequeue(q); spin_unlock_irqrestore(&q->lock, flags); skb_dequeue() -> NULL Since there is a small gap between checking skb queue length and skb being unconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL. Then the pointer is passed to zd_mac_tx_status() where it is dereferenced. In order to avoid potential NULL pointer dereference due to

CVSS3: 5.5
msrc
2 months ago

wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()

debian
3 months ago

In the Linux kernel, the following vulnerability has been resolved: w ...
