CVE-2025-38420

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38420
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38420.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38420
Downstream
Related
Published
2025-07-25T15:15:26Z
Modified
2025-08-12T21:01:38Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: carl9170: do not ping device which has failed to load firmware

Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211registerhw()', an internal workqueue managed by 'ieee80211queuework()' is not yet created and an attempt to queue work on it causes null-ptr-deref.

[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217

References

Affected packages