Description
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is not yet created and an attempt to queue work on it causes null-ptr-deref. [1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217
Product status
e4a668c59080f862af3ecc28b359533027cbe434 (git) before 0140d3d37f0f1759d1fdedd854c7875a86e15f8d
e4a668c59080f862af3ecc28b359533027cbe434 (git) before 8a3734a6f4c05fd24605148f21fb2066690d61b3
e4a668c59080f862af3ecc28b359533027cbe434 (git) before 527fad1ae32ffa2d4853a1425fe1c8dbb8c9744c
e4a668c59080f862af3ecc28b359533027cbe434 (git) before bfeede26e97ce4a15a0b961118de4a0e28c9907a
e4a668c59080f862af3ecc28b359533027cbe434 (git) before 4e9ab5c48ad5153cc908dd29abad0cd2a92951e4
e4a668c59080f862af3ecc28b359533027cbe434 (git) before 301268dbaac8e9013719e162a000202eac8054be
e4a668c59080f862af3ecc28b359533027cbe434 (git) before 11ef72b3312752c2ff92f3c1e64912be3228ed36
e4a668c59080f862af3ecc28b359533027cbe434 (git) before 15d25307692312cec4b57052da73387f91a2e870
2.6.38
Any version before 2.6.38
5.4.295 (semver)
5.10.239 (semver)
5.15.186 (semver)
6.1.142 (semver)
6.6.95 (semver)
6.12.35 (semver)
6.15.4 (semver)
6.16 (original_commit_for_fix)
References
lists.debian.org/debian-lts-announce/2025/10/msg00008.html
lists.debian.org/debian-lts-announce/2025/10/msg00007.html
git.kernel.org/...c/0140d3d37f0f1759d1fdedd854c7875a86e15f8d
git.kernel.org/...c/8a3734a6f4c05fd24605148f21fb2066690d61b3
git.kernel.org/...c/527fad1ae32ffa2d4853a1425fe1c8dbb8c9744c
git.kernel.org/...c/bfeede26e97ce4a15a0b961118de4a0e28c9907a
git.kernel.org/...c/4e9ab5c48ad5153cc908dd29abad0cd2a92951e4
git.kernel.org/...c/301268dbaac8e9013719e162a000202eac8054be
git.kernel.org/...c/11ef72b3312752c2ff92f3c1e64912be3228ed36
git.kernel.org/...c/15d25307692312cec4b57052da73387f91a2e870