Description

In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group Currently, mtk_iommu calls during probe iommu_device_register before the hw_list from driver data is initialized. Since iommu probing issue fix, it leads to NULL pointer dereference in mtk_iommu_device_group when hw_list is accessed with list_first_entry (not null safe). So, change the call order to ensure iommu_device_register is called after the driver data are initialized.

INFO

Published Date :

2025-05-01T12:55:54.660Z

Last Modified :

2025-11-03T19:54:22.042Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-37748 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-37748.

URL Resource
https://git.kernel.org/stable/c/2f75cb27bef43c8692b0f5e471e5632f6a9beb99 cve-icon cve-icon
https://git.kernel.org/stable/c/38e8844005e6068f336a3ad45451a562a0040ca1 cve-icon cve-icon
https://git.kernel.org/stable/c/69f9d2d37d1207c5a73dac52a4ce1361ead707f5 cve-icon cve-icon
https://git.kernel.org/stable/c/6abd09bed43b8d83d461e0fb5b9a200a06aa8a27 cve-icon cve-icon
https://git.kernel.org/stable/c/a0842539e8ef9386c070156103aff888e558a60c cve-icon cve-icon
https://git.kernel.org/stable/c/ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025050136-CVE-2025-37748-56c8@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-37748 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-37748 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact