
CVE-2025-21750: Vulnerability in Linux Linux

High
Published: Thu Feb 27 2025 (02/27/2025, 02:12:21 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: Check the return value of of_property_read_string_index()

Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitialized, so we pass a random pointer to devm_kstrdup().

The crash I am getting looks like this:

    BUG: unable to handle page fault for address: 00007f033c669379
    PF: supervisor read access in kernel mode
    PF: error_code(0x0001) - permissions violation
    PGD 8000000101341067 P4D 8000000101341067 PUD 101340067 PMD 1013bb067 PTE 800000010aee9025
    Oops: Oops: 0001 [#1] SMP PTI
    CPU: 4 UID: 0 PID: 827 Comm: (udev-worker) Not tainted 6.11.8-gentoo #1
    Hardware name: Apple Inc. MacBookPro14,3/Mac-551B86E5744E2388, BIOS 529.140.2.0.0 06/23/2024
    RIP: 0010:strlen+0x4/0x30
    Code: f7 75 ec 31 c0 c3 cc cc cc cc 48 89 f8 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa <80> 3f 00 74 14 48 89 f8 48 83 c0 01 80 38 00 75 f7 48 29 f8 c3 cc
    RSP: 0018:ffffb4aac0683ad8 EFLAGS: 00010202
    RAX: 00000000ffffffea RBX: 00007f033c669379 RCX: 0000000000000001
    RDX: 0000000000000cc0 RSI: 00007f033c669379 RDI: 00007f033c669379
    RBP: 00000000ffffffea R08: 0000000000000000 R09: 00000000c0ba916a
    R10: ffffffffffffffff R11: ffffffffb61ea260 R12: ffff91f7815b50c8
    R13: 0000000000000cc0 R14: ffff91fafefffe30 R15: ffffb4aac0683b30
    FS: 00007f033ccbe8c0(0000) GS:ffff91faeed00000(0000) knlGS:0000000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f033c669379 CR3: 0000000107b1e004 CR4: 00000000003706f0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
    <TASK>
    ? __die+0x23/0x70
    ? page_fault_oops+0x149/0x4c0
    ? raw_spin_rq_lock_nested+0xe/0x20
    ? sched_balance_newidle+0x22b/0x3c0
    ? update_load_avg+0x78/0x770
    ? exc_page_fault+0x6f/0x150
    ? asm_exc_page_fault+0x26/0x30
    ? __pfx_pci_conf1_write+0x10/0x10
    ? strlen+0x4/0x30
    devm_kstrdup+0x25/0x70
    brcmf_of_probe+0x273/0x350 [brcmfmac]

AI-Powered Analysis

Last updated: 06/30/2025, 08:54:44 UTC

Technical Analysis

CVE-2025-21750 is a vulnerability identified in the Linux kernel's Broadcom FullMAC wireless driver (brcmfmac), specifically related to the handling of device tree properties in the function brcmf_of_probe. The issue arises because the driver fails to properly check the return value of the function of_property_read_string_index(), which reads a string property from the device tree. When this property is missing, the variable 'tmp' remains uninitialized, leading to the passing of a random pointer to devm_kstrdup(). This results in a kernel crash due to a page fault triggered by an invalid memory access. The crash manifests as a BUG report with a supervisor read access violation in kernel mode, causing an 'Oops' error and kernel panic. The problem was observed on a MacBookPro14,3 running Linux kernel version 6.11.8-gentoo, but the vulnerability affects Linux kernel versions between 6.10 and 6.11 where this driver code was introduced or modified. The root cause is a lack of input validation and error handling in the driver code, which leads to dereferencing uninitialized pointers. Although this vulnerability currently does not have known exploits in the wild, it can cause denial of service (DoS) by crashing the kernel. Since the flaw is in a kernel driver, exploitation could potentially be triggered by local users or processes interacting with the wireless driver or device tree properties, possibly requiring specific hardware or configurations. The vulnerability is resolved by adding proper checks for the return value of of_property_read_string_index() to ensure 'tmp' is initialized safely before use. No CVSS score is assigned yet, but the technical details indicate a stability and availability impact due to kernel crashes.
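
A user-space model of the bug class described above, added here as an illustration; it is not the kernel patch or code from this page. `mock_node`, `mock_read_str` and the sample strings are hypothetical stand-ins, and a poison value takes the place of the uninitialized 'tmp' so the pre-fix path can be observed without dereferencing garbage.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for a device-tree node with a string-list property. */
struct mock_node { const char **strings; int count; };

/* Hypothetical model of of_property_read_string_index(): on failure it returns
 * a negative errno and leaves *out untouched, as the description states. */
static int mock_read_str(const struct mock_node *np, int idx, const char **out)
{
    if (!np->strings || idx < 0 || idx >= np->count)
        return -EINVAL;
    *out = np->strings[idx];
    return 0;
}

static const char POISON[] = "stale stack contents";
/* Pre-fix pattern: result ignored. Rather than dereference, report whether the
 * pointer that would reach the duplication call is still the seeded value. */
static int unchecked_keeps_stale_pointer(const struct mock_node *np)
{
    const char *tmp = POISON;   /* models an uninitialized stack slot */
    (void)mock_read_str(np, 0, &tmp);
    return tmp == POISON;
}

/* Fixed pattern: copy only after a successful read; caller frees the result. */
static char *checked_dup_first_string(const struct mock_node *np, int *err)
{
    const char *tmp = NULL;
    char *copy;
    *err = mock_read_str(np, 0, &tmp);
    if (*err)
        return NULL;            /* property absent: nothing to duplicate */
    copy = malloc(strlen(tmp) + 1);
    if (!copy) { *err = -ENOMEM; return NULL; }
    return strcpy(copy, tmp);
}

int main(void)
{
    struct mock_node absent = { NULL, 0 };   /* node without the property */
    int err;
    char *s = checked_dup_first_string(&absent, &err);
    printf("absent: copy=%p err=%d stale=%d\n", (void *)s, err,
           unchecked_keeps_stale_pointer(&absent));
    return 0;
}
```

With the property absent, the checked path returns an error and no copy, while the unchecked path still holds the stale pointer that the driver handed to devm_kstrdup().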

Potential Impact

For European organizations, this vulnerability primarily poses a risk of denial of service on Linux systems using affected kernel versions with Broadcom FullMAC wireless drivers. Organizations relying on Linux servers, workstations, or embedded devices with these drivers could experience unexpected kernel panics leading to system downtime, impacting availability of critical services. This is particularly relevant for industries with high Linux adoption such as telecommunications, manufacturing, and research institutions. Although the vulnerability does not directly expose confidentiality or integrity risks, the resulting instability could disrupt operations and require emergency patching or system reboots. Additionally, if exploited in a targeted manner, attackers could use this flaw to cause persistent outages or disrupt wireless connectivity on affected devices. The lack of known exploits reduces immediate risk, but the presence of this vulnerability in the Linux kernel means that organizations should prioritize patching to maintain system reliability. The impact is more pronounced in environments where kernel stability is critical and where Broadcom wireless chipsets are common, including laptops and embedded systems used in industrial or enterprise settings.

Mitigation Recommendations

1. Immediate patching: Apply the latest Linux kernel updates that include the fix for CVE-2025-21750. Ensure that all systems running affected kernel versions (6.10 to 6.11) are upgraded to versions where the brcmfmac driver properly checks the return value of of_property_read_string_index().
2. Kernel version management: Avoid running unpatched or development kernel versions in production environments, especially those with Broadcom wireless hardware.
3. Hardware inventory and driver audit: Identify systems using Broadcom FullMAC wireless chipsets and verify the kernel driver versions in use.
4. Controlled testing: Before deploying kernel updates, test patches in staging environments to confirm stability and compatibility with existing hardware.
5. Access control: Limit local user privileges to reduce the risk of triggering the vulnerability via user-space interactions with the wireless driver.
6. Monitoring and alerting: Implement kernel crash monitoring and alerting to detect any unexpected Oops or panic events related to wireless drivers.
7. Alternative drivers or hardware: Where feasible, consider using alternative wireless drivers or hardware that are not affected by this vulnerability to reduce exposure.
8. Incident response readiness: Prepare for potential denial of service incidents by having rollback plans and backup systems to minimize operational disruption.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.758Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9832c4522896dcbe86ac

Added to database: 5/21/2025, 9:09:06 AM

Last enriched: 6/30/2025, 8:54:44 AM

Last updated: 8/16/2025, 6:56:50 AM
