Mutex Locking Vulnerability in the Linux Kernel Affecting Wireless Communication
CVE-2025-38643

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 22 August 2025

What is CVE-2025-38643?

A concurrency-related vulnerability exists in the Linux kernel's cfg80211 subsystem. The issue arises when the function cfg80211_check_and_end_cac() fails to ensure proper mutex acquisition before calling wdev_chandef(). As a result, the worker thread cfg80211_propagate_cac_done_wk() may be executed without holding the required lock, leading to potential race conditions, inconsistent behavior, and warning messages when certain tests are run. This vulnerability stresses the importance of robust locking mechanisms in wireless communication code paths.
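The locking contract described above can be modelled in user space. The following is an added example, not kernel code and not the upstream fix: model_wdev, model_lock(), model_unlock(), model_chandef() and worker_warnings() are hypothetical names, and a pthread mutex with owner tracking stands in for the kernel mutex and its lock-held check.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
/* User-space model (hypothetical names): a mutex that records its owner. */
struct model_wdev {
    pthread_mutex_t mtx;   /* stands in for the required mutex */
    pthread_t owner;       /* valid only while held is true */
    bool held;
    int chandef;           /* state the mutex protects */
    int lock_warnings;     /* times the held-check fired */
};

static void model_lock(struct model_wdev *w)
{
    pthread_mutex_lock(&w->mtx);
    w->owner = pthread_self();
    w->held = true;
}

static void model_unlock(struct model_wdev *w)
{
    w->held = false;
    pthread_mutex_unlock(&w->mtx);
}

/* Models wdev_chandef(): the caller must hold the lock, else warn. */
static int model_chandef(struct model_wdev *w)
{
    if (!(w->held && pthread_equal(w->owner, pthread_self()))) {
        w->lock_warnings++;
        fprintf(stderr, "WARNING: chandef read without lock held\n");
    }
    return w->chandef;
}

/* Runs the modelled worker once; returns the number of warnings raised. */
int worker_warnings(bool take_lock)
{
    struct model_wdev w = { .mtx = PTHREAD_MUTEX_INITIALIZER, .chandef = 36 }; /* constructed value */
    if (take_lock) model_lock(&w);
    (void)model_chandef(&w);
    if (take_lock) model_unlock(&w);
    return w.lock_warnings;
}

int main(void)
{
    printf("no lock: %d warning(s); lock held: %d\n", worker_warnings(false), worker_warnings(true));
    return 0;
}
```

The unlocked run trips the held-check once, which corresponds to the warning messages the description mentions; the locked run is silent.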

Affected Version(s)

Linux 26ec17a1dc5ecdd8d91aba63ead6f8b5ad5dea0d < 7022df2248c08c6f75a01714163ac902333bf3db

Linux 26ec17a1dc5ecdd8d91aba63ead6f8b5ad5dea0d

Linux 26ec17a1dc5ecdd8d91aba63ead6f8b5ad5dea0d < 2c5dee15239f3f3e31aa5c8808f18996c039e2c1

Timeline

  • Vulnerability published

  • Vulnerability Reserved
