CVE-2025-40066 in Linux
Summary
by MITRE • 10/28/2025
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7996: Check phy before init msta_link in mt7996_mac_sta_add_links()
In order to avoid a possible NULL pointer dereference in mt7996_mac_sta_init_link routine, move the phy pointer check before running mt7996_mac_sta_init_link() in mt7996_mac_sta_add_links routine.
Analysis
by VulDB Data Team • 02/15/2026
CVE-2025-40066 is a vulnerability in the Linux kernel's wireless subsystem, specifically in the mt76 driver family used for MediaTek wireless network adapters. The issue is in the mt7996 wireless MAC driver, where a NULL pointer dereference can occur during station link initialization. The flaw lies in the mt7996_mac_sta_add_links() function, which manages the addition of station links for wireless communication. It is a classic software defect that can lead to system instability and that an attacker may be able to trigger.
The root cause is an incorrect ordering of operations in the driver's initialization logic. While adding station links, mt7996_mac_sta_add_links() calls mt7996_mac_sta_init_link() without first checking that the phy pointer is valid. If the pointer is NULL, the callee dereferences it, and the kernel panics or the system crashes when it accesses memory through that NULL pointer. The issue corresponds to CWE-476, NULL Pointer Dereference.
The operational impact goes beyond simple instability: the defect can be used for denial of service against wireless network functionality. When triggered, the NULL pointer dereference crashes the wireless subsystem, leaving wireless connectivity unavailable until the system is rebooted. Affected systems are those running Linux kernels with the MediaTek mt7996 wireless driver, in particular enterprise or consumer deployments where continuous network availability matters. The attack surface includes any device built on MediaTek wireless chips of the mt7996 family, such as certain routers, access points, and wireless network cards.
Mitigation for CVE-2025-40066 consists of applying the kernel patch, which moves the phy pointer check ahead of the call to mt7996_mac_sta_init_link(). System administrators should prioritize updating to a Linux kernel version that includes the fix. The fix follows standard defensive programming practice: validate a pointer before passing it to a function that dereferences it. Additionally, monitoring for wireless subsystem crashes or recurring instability can help identify attempts to trigger the flaw. Organizations should maintain a regular kernel update policy and consider intrusion detection that watches for unusual wireless network behavior that might indicate such attempts. The vulnerability illustrates the importance of correct error handling in kernel-space drivers and aligns with ATT&CK technique T1499.001, which covers network denial of service attacks through system resource exhaustion or instability.
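The ordering defect from the root-cause paragraph and the reordered check from the mitigation paragraph, modelled side by side in a small userspace C program. This is an added illustration, not the mt76 driver's code: the struct layouts, `sta_init_link()`, and the `error_unlink` unwinding are hypothetical simplifications; only the position of the phy check relative to the link-init call mirrors the advisory.

```c
/* Added example: userspace model of the CVE-2025-40066 ordering bug.
 * Types and bodies are hypothetical; only the check-vs-call order matters. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

struct mt7996_phy { int band_idx; };
struct msta_link { int band_idx; bool initialised; };

/* Hypothetical stand-in for mt7996_mac_sta_init_link(): it dereferences
 * phy unconditionally, so the caller must have validated it beforehand. */
static void sta_init_link(struct msta_link *link, const struct mt7996_phy *phy)
{
	link->band_idx = phy->band_idx;   /* a NULL phy faults here */
	link->initialised = true;
}

/* Vulnerable ordering (CWE-476): the link is initialised before the phy
 * pointer is checked, so a NULL phy is dereferenced before the check runs. */
static int add_links_vulnerable(struct mt7996_phy *phys[], struct msta_link links[], size_t n)
{
	for (size_t i = 0; i < n; i++) {
		sta_init_link(&links[i], phys[i]);
		if (!phys[i])
			return -EINVAL;   /* too late: the dereference already happened */
	}
	return 0;
}

/* Fixed ordering: validate phy first. On a NULL phy, unwind the links that
 * were already set up (assumed error_unlink-style cleanup) and fail cleanly. */
static int add_links_fixed(struct mt7996_phy *phys[], struct msta_link links[], size_t n)
{
	size_t i;
	for (i = 0; i < n; i++) {
		if (!phys[i])
			goto error_unlink;
		sta_init_link(&links[i], phys[i]);
	}
	return 0;
error_unlink:
	while (i-- > 0)   /* links[0..i-1] were initialised; tear them down */
		links[i].initialised = false;
	return -EINVAL;
}
```

With a NULL phy in the input, `add_links_fixed()` returns -EINVAL and leaves no link half-initialised, whereas `add_links_vulnerable()` would fault inside `sta_init_link()` before its own check is reached.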