Linux Kernel Vulnerability in Carl9170 Firmware Loading Process
CVE-2025-38420

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 25 July 2025

What is CVE-2025-38420?

A vulnerability in the Linux kernel affects the carl9170 wireless driver. It is triggered by an attempt to ping a device that has failed to load its firmware. Because such a device never completes 'ieee80211_register_hw()', the internal workqueue managed by 'ieee80211_queue_work()' has not been created, and an attempt to queue work on it results in a null pointer dereference, potentially leading to crashes. The issue has been reported and a fix has been implemented in subsequent kernel updates.
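The lifecycle problem described above, as an added userspace model that is not kernel code and not the upstream fix: a workqueue that exists only after registration, and a queueing path that refuses work when registration never happened. Every name in it (model_register_hw, model_queue_work and so on) is hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Userspace model only; none of these names are kernel or carl9170 symbols. */
struct work { int id; };
struct workqueue { struct work *pending[8]; size_t n; };
struct hw {
    struct workqueue *wq;  /* created only by model_register_hw() */
    int registered;
};

/* Stands in for registration: the only place the workqueue is created. */
static int model_register_hw(struct hw *hw)
{
    hw->wq = calloc(1, sizeof(*hw->wq));
    if (!hw->wq)
        return -ENOMEM;
    hw->registered = 1;
    return 0;
}

/* Firmware-load completion: registration happens only on success. */
static int model_firmware_done(struct hw *hw, int fw_ok)
{
    return fw_ok ? model_register_hw(hw) : -ENOENT; /* on failure wq stays NULL */
}

/* Guarded queueing: reject instead of dereferencing a workqueue that was never made. */
static int model_queue_work(struct hw *hw, struct work *w)
{
    if (!hw->registered || !hw->wq)
        return -ENODEV;
    if (hw->wq->n == 8)
        return -EBUSY;
    hw->wq->pending[hw->wq->n++] = w;
    return 0;
}

/* One device: firmware completes (or fails), then the ping path queues work. */
static int model_run(int fw_ok)
{
    struct hw hw = {0};
    struct work ping = { .id = 1 };  /* constructed sample work item */
    model_firmware_done(&hw, fw_ok);
    int ret = model_queue_work(&hw, &ping);
    free(hw.wq);
    return ret;
}

int main(void) { return (model_run(1) == 0 && model_run(0) == -ENODEV) ? 0 : 1; }
```

Without the check at the top of model_queue_work(), the failed-firmware case would read through the NULL wq pointer, which is the crash class the CVE describes.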

Affected Version(s)

Linux e4a668c59080f862af3ecc28b359533027cbe434 < 0140d3d37f0f1759d1fdedd854c7875a86e15f8d

Linux e4a668c59080f862af3ecc28b359533027cbe434 < 8a3734a6f4c05fd24605148f21fb2066690d61b3

Linux e4a668c59080f862af3ecc28b359533027cbe434 < 527fad1ae32ffa2d4853a1425fe1c8dbb8c9744c

Timeline

  • Vulnerability published

  • Vulnerability Reserved
