Memory Management Flaw in Linux Kernel Affects Wireless Functionality
CVE-2025-21979

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-21979?

A vulnerability in the Linux kernel has been identified where the cfg80211 subsystem does not properly handle queued work for wireless devices (wiphy). If the wiphy is freed before the associated work is canceled, it may lead to the use of invalid memory during execution. This flaw poses a risk to system stability and could potentially lead to unexpected behavior or crashes. It is crucial to ensure that any queued work is canceled before the associated wiphy memory is freed to mitigate this issue.

Affected Version(s)

Linux 3fcc6d7d5f40dad56dee7bde787b7e23edd4b93c < 0272d4af7f92997541d8bbf4c51918b93ded6ee2

Linux a3ee4dc84c4e9d14cb34dad095fd678127aca5b6 < 75d262ad3c36d52852d764588fcd887f0fcd9138

Linux a3ee4dc84c4e9d14cb34dad095fd678127aca5b6

References

https://git.kernel.org/stable/c/0272d4af7f92997541d8bbf4c...

https://git.kernel.org/stable/c/75d262ad3c36d52852d764588...

https://git.kernel.org/stable/c/a5158d67bff06cb6fea31be39...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Dec 29, 2024

JSON