CVE-2025-21979

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-21979

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21979.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-21979

Downstream

BELL-CVE-2025-21979

DEBIAN-CVE-2025-21979

DLA-4193-1

DSA-5900-1

MINI-fr9m-hhrf-jv9j

OESA-2025-1463

OESA-2025-1464

RHSA-2025:9079

RHSA-2025:9080

RLSA-2025:9079

SUSE-SU-2025:01707-1

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01964-1

SUSE-SU-2025:01967-1

UBUNTU-CVE-2025-21979

USN-7605-1

USN-7605-2

USN-7606-1

USN-7628-1

USN-7764-1

USN-7764-2

USN-7765-1

USN-7766-1

USN-7767-1

USN-7767-2

USN-7779-1

USN-7790-1

USN-7800-1

USN-7801-1

USN-7801-2

USN-7802-1

USN-7809-1

Related

Published

2025-04-01T15:47:08Z

Modified

2025-10-10T08:38:48.404504Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

wifi: cfg80211: cancel wiphy_work before freeing wiphy

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: cancel wiphy_work before freeing wiphy

A wiphywork can be queued from the moment the wiphy is allocated and initialized (i.e. wiphynewnm). When a wiphywork is queued, the rdev::wiphy_work is getting queued.

If wiphyfree is called before the rdev::wiphywork had a chance to run, the wiphy memory will be freed, and then when it eventally gets to run it'll use invalid memory.

Fix this by canceling the work before freeing the wiphy.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

3fcc6d7d5f40dad56dee7bde787b7e23edd4b93c

Fixed

0272d4af7f92997541d8bbf4c51918b93ded6ee2

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a3ee4dc84c4e9d14cb34dad095fd678127aca5b6

Fixed

75d262ad3c36d52852d764588fcd887f0fcd9138

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a3ee4dc84c4e9d14cb34dad095fd678127aca5b6

Fixed

a5158d67bff06cb6fea31be39aeb319fd908ed8e

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a3ee4dc84c4e9d14cb34dad095fd678127aca5b6

Fixed

dea22de162058216a90f2706f0d0b36f0ff309fd

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

a3ee4dc84c4e9d14cb34dad095fd678127aca5b6

Fixed

72d520476a2fab6f3489e8388ab524985d6c4b90

Affected versions

v6.*

v6.1.100

v6.1.101

v6.1.102

v6.1.103

v6.1.104

v6.1.105

v6.1.106

v6.1.107

v6.1.108

v6.1.109

v6.1.110

v6.1.111

v6.1.112

v6.1.113

v6.1.114

v6.1.115

v6.1.116

v6.1.117

v6.1.118

v6.1.119

v6.1.120

v6.1.121

v6.1.122

v6.1.123

v6.1.124

v6.1.125

v6.1.126

v6.1.127

v6.1.128

v6.1.129

v6.1.130

v6.1.131

v6.1.57

v6.1.58

v6.1.59

v6.1.60

v6.1.61

v6.1.62

v6.1.63

v6.1.64

v6.1.65

v6.1.66

v6.1.67

v6.1.68

v6.1.69

v6.1.70

v6.1.71

v6.1.72

v6.1.73

v6.1.74

v6.1.75

v6.1.76

v6.1.77

v6.1.78

v6.1.79

v6.1.80

v6.1.81

v6.1.82

v6.1.83

v6.1.84

v6.1.85

v6.1.86

v6.1.87

v6.1.88

v6.1.89

v6.1.90

v6.1.91

v6.1.92

v6.1.93

v6.1.94

v6.1.95

v6.1.96

v6.1.97

v6.1.98

v6.1.99

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.3

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.13.1

v6.13.2

v6.13.3

v6.13.4

v6.13.5

v6.13.6

v6.13.7

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.4

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.60

v6.6.61

v6.6.62

v6.6.63

v6.6.64

v6.6.65

v6.6.66

v6.6.67

v6.6.68

v6.6.69

v6.6.7

v6.6.70

v6.6.71

v6.6.72

v6.6.73

v6.6.74

v6.6.75

v6.6.76

v6.6.77

v6.6.78

v6.6.79

v6.6.8

v6.6.80

v6.6.81

v6.6.82

v6.6.83

v6.6.9

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1.132

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.84

Type: ECOSYSTEM
Events: Introduced

6.5.0

Fixed

6.12.20

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.13.8