CVE-2025-37748

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-37748

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37748.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-37748

Downstream

BELL-CVE-2025-37748

DEBIAN-CVE-2025-37748

DLA-4193-1

ECHO-9a74-dec2-a58e

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01964-1

SUSE-SU-2025:01965-1

SUSE-SU-2025:01967-1

UBUNTU-CVE-2025-37748

USN-7594-1

USN-7594-2

USN-7594-3

Related

Published

2025-05-01T13:15:53Z

Modified

2025-08-09T20:01:25Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/mediatek: Fix NULL pointer deference in mtkiommudevice_group

Currently, mtkiommu calls during probe iommudeviceregister before the hwlist from driver data is initialized. Since iommu probing issue fix, it leads to NULL pointer dereference in mtkiommudevicegroup when hwlist is accessed with listfirstentry (not null safe).

So, change the call order to ensure iommudeviceregister is called after the driver data are initialized.

References

Affected packages