AZL-66449

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66449.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-66449

Upstream

CVE-2025-38604

Published

2025-08-19T17:15:38Z

Modified

2026-04-01T05:20:57.992355Z

Summary

CVE-2025-38604 affecting package kernel for versions less than 6.6.104.2-1

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtl818x: Kill URBs before clearing tx status queue

In rtl8187stop() move the call of usbkillanchoredurbs() before clearing btxstatus.queue. This change prevents callbacks from using already freed skb due to anchor was not killed before freeing such skb.

BUG: kernel NULL pointer dereference, address: 0000000000000080 #PF: supervisor read access in kernel mode #PF: errorcode(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 7 UID: 0 PID: 0 Comm: swapper/7 Not tainted 6.15.0 #8 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015 RIP: 0010:ieee80211txstatusirqsafe+0x21/0xc0 [mac80211] Call Trace: <IRQ> rtl8187txcb+0x116/0x150 [rtl8187] __usbhcdgiveback_urb+0x9d/0x120 usbgivebackurbbh+0xbb/0x140 processonework+0x19b/0x3c0 bhworker+0x1a7/0x210 taskletaction+0x10/0x30 handlesoftirqs+0xf0/0x340 _irqexitrcu+0xcd/0xf0 commoninterrupt+0x85/0xa0 </IRQ>

Tested on RTL8187BvE device.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-38604

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.104.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66449.json"