CVE-2025-37748

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-37748
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37748.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37748
Downstream
Related
Published
2025-05-01T12:55:54.660Z
Modified
2026-03-11T07:51:12.919338Z
Summary
iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/mediatek: Fix NULL pointer deference in mtkiommudevice_group

Currently, mtkiommu calls during probe iommudeviceregister before the hwlist from driver data is initialized. Since iommu probing issue fix, it leads to NULL pointer dereference in mtkiommudevicegroup when hwlist is accessed with listfirstentry (not null safe).

So, change the call order to ensure iommudeviceregister is called after the driver data are initialized.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37748.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9e3a2a64365318a743e3c0b028952d2cdbaf2b0c
Fixed
2f75cb27bef43c8692b0f5e471e5632f6a9beb99
Fixed
6abd09bed43b8d83d461e0fb5b9a200a06aa8a27
Fixed
a0842539e8ef9386c070156103aff888e558a60c
Fixed
ce7d3b2f6f393fa35f0ea12861b83a1ca28b295c
Fixed
69f9d2d37d1207c5a73dac52a4ce1361ead707f5
Fixed
38e8844005e6068f336a3ad45451a562a0040ca1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37748.json"