CVE-2025-38420

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is not yet created and an attempt to queue work on it causes null-ptr-deref. [1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217

Reserved 2025-04-16 | Published 2025-07-25 | Updated 2025-07-25 | Assigner Linux

Product status

Default status
unaffected

e4a668c59080f862af3ecc28b359533027cbe434 before 0140d3d37f0f1759d1fdedd854c7875a86e15f8d
affected

e4a668c59080f862af3ecc28b359533027cbe434 before 8a3734a6f4c05fd24605148f21fb2066690d61b3
affected

e4a668c59080f862af3ecc28b359533027cbe434 before 527fad1ae32ffa2d4853a1425fe1c8dbb8c9744c
affected

e4a668c59080f862af3ecc28b359533027cbe434 before bfeede26e97ce4a15a0b961118de4a0e28c9907a
affected

e4a668c59080f862af3ecc28b359533027cbe434 before 4e9ab5c48ad5153cc908dd29abad0cd2a92951e4
affected

e4a668c59080f862af3ecc28b359533027cbe434 before 301268dbaac8e9013719e162a000202eac8054be
affected

e4a668c59080f862af3ecc28b359533027cbe434 before 11ef72b3312752c2ff92f3c1e64912be3228ed36
affected

e4a668c59080f862af3ecc28b359533027cbe434 before 15d25307692312cec4b57052da73387f91a2e870
affected

Default status
affected

2.6.38
affected

Any version before 2.6.38
unaffected

5.4.295
unaffected

5.10.239
unaffected

5.15.186
unaffected

6.1.142
unaffected

6.6.95
unaffected

6.12.35
unaffected

6.15.4
unaffected

6.16-rc3
unaffected

References

git.kernel.org/...c/0140d3d37f0f1759d1fdedd854c7875a86e15f8d

git.kernel.org/...c/8a3734a6f4c05fd24605148f21fb2066690d61b3

git.kernel.org/...c/527fad1ae32ffa2d4853a1425fe1c8dbb8c9744c

git.kernel.org/...c/bfeede26e97ce4a15a0b961118de4a0e28c9907a

git.kernel.org/...c/4e9ab5c48ad5153cc908dd29abad0cd2a92951e4

git.kernel.org/...c/301268dbaac8e9013719e162a000202eac8054be

git.kernel.org/...c/11ef72b3312752c2ff92f3c1e64912be3228ed36

git.kernel.org/...c/15d25307692312cec4b57052da73387f91a2e870

cve.org (CVE-2025-38420)

nvd.nist.gov (CVE-2025-38420)

Download JSON