CVE-2025-38656

Preserve the error code if iwlsetupdeferredwork() fails. The current code returns ERRPTR(0) (which is NULL) on this path. I believe the missing error code potentially leads to a use after free involving debugfs.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38656.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

c0e43c3f6c0a79381b468574c241065998412b7c

Fixed

991e2066f6009d3cb898413058c62dbcc92bd6d2

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

70a1b527eaea9430b1bd87de59f3b9f6bd225701

Fixed

1d068272c21d886d06526454b68368100ba0a720

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

90a0d9f339960448a3acc1437a46730f975efd6a

Fixed

cf80c02a9fdb6c5bc8508beb6a0f6a1294fc32f6

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c80832d445653baba5ac80cd2c2637c437ac881b

Last affected

b398120fbe0acfef60b16f6a0f69902d385d7728

Last affected

2e9f85ee3b46453a2f250a57d3a9f10c70c71202

Last affected

6663c52608d8d8727bf1911e6d9218069ba1c85e

Last affected

ca980f1911a7144d451d1c31298ab8507c6bd88f

Last affected

7dd6350307af6521b6240b295c93b7eec4daebe6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38656.json"