CVE-2025-21750

Published: Feb 27, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitialized, so we pass a random pointer to devm_kstrdup(). The crash I am getting looks like this: BUG: unable to handle page fault for address: 00007f033c669379 PF: supervisor read access in kernel mode PF: error_code(0x0001) - permissions violation PGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025 Oops: Oops: 0001 [#1] SMP PTI CPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1 Hardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024 RIP: 0010:strlen+0x4/0x30 Code: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <80> 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc RSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202 RAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001 RDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379 RBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a R10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8 R13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30 FS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x149/0x4c0 ? raw_spin_rq_lock_nested+0xe/0x20 ? sched_balance_newidle+0x22b/0x3c0 ? update_load_avg+0x78/0x770 ? exc_page_fault+0x6f/0x150 ? asm_exc_page_fault+0x26/0x30 ? __pfx_pci_conf1_write+0x10/0x10 ? strlen+0x4/0x30 devm_kstrdup+0x25/0x70 brcmf_of_probe+0x273/0x350 [brcmfmac]

Vendor	Product	Versions
Linux	Linux	affected `29e354ebeeecaee979e6fe22cd6272682d7552c9 - < af525a8b2ab85291617e79a5bb18bcdcb529e80c` affected `29e354ebeeecaee979e6fe22cd6272682d7552c9 - < c9480e9f2d10135476101619bcbd1c49c15d595f` affected `29e354ebeeecaee979e6fe22cd6272682d7552c9 - < 7ef2ea1429684d5cef207519bdf6ce45e50e8ac5` affected `29e354ebeeecaee979e6fe22cd6272682d7552c9 - < bb8e35e33e79eb8e44396adbc8cb6c8c5f16b731` affected `29e354ebeeecaee979e6fe22cd6272682d7552c9 - < 082d9e263af8de68f0c34f67b251818205160f6e`
Linux	Linux	affected `5.9` unaffected `0 - < 5.9` unaffected `6.1.129 - <= 6.1.` unaffected `6.6.78 - <= 6.6.` unaffected `6.12.14 - <= 6.12.*` +2 more versions

References

https://git.kernel.org/stable/c/af525a8b2ab85291617e79a5bb18bcdcb529e80c

https://git.kernel.org/stable/c/c9480e9f2d10135476101619bcbd1c49c15d595f

https://git.kernel.org/stable/c/7ef2ea1429684d5cef207519bdf6ce45e50e8ac5

https://git.kernel.org/stable/c/bb8e35e33e79eb8e44396adbc8cb6c8c5f16b731

https://git.kernel.org/stable/c/082d9e263af8de68f0c34f67b251818205160f6e

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-21750

Description

Affected Products

References