CVE-2025-21979

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-21979

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21979.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-21979

Downstream

BELL-CVE-2025-21979

DEBIAN-CVE-2025-21979

DLA-4193-1

DSA-5900-1

MINI-fr9m-hhrf-jv9j

OESA-2025-1463

OESA-2025-1464

RHSA-2025:9079

RHSA-2025:9080

SUSE-SU-2025:01707-1

SUSE-SU-2025:01919-1

SUSE-SU-2025:01951-1

SUSE-SU-2025:01964-1

SUSE-SU-2025:01967-1

UBUNTU-CVE-2025-21979

USN-7605-1

USN-7605-2

USN-7606-1

USN-7628-1

Related

Published

2025-04-01T16:15:29Z

Modified

2025-08-09T20:01:27Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: cancel wiphy_work before freeing wiphy

A wiphywork can be queued from the moment the wiphy is allocated and initialized (i.e. wiphynewnm). When a wiphywork is queued, the rdev::wiphy_work is getting queued.

If wiphyfree is called before the rdev::wiphywork had a chance to run, the wiphy memory will be freed, and then when it eventally gets to run it'll use invalid memory.

Fix this by canceling the work before freeing the wiphy.

References

Affected packages