Linux Kernel Vulnerability Affecting iwlwifi Driver
CVE-2025-38656
What is CVE-2025-38656?
The iwlwifi driver in the Linux kernel mishandles an error during its initialization process. Specifically, if iwl_setup_deferred_work() fails, the driver erroneously returns a NULL pointer instead of the appropriate error code. This may result in a use-after-free condition involving debugfs, posing potential risks to system integrity and stability. System administrators and users of Linux-based systems should update to a kernel version that includes the fix.
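The following added example (not code from the kernel or from this advisory) models in userspace C why a NULL return matters under the kernel's ERR_PTR()/IS_ERR() convention: a caller that checks only IS_ERR() reads NULL as success and skips its own cleanup. The names start_buggy, start_fixed, setup_work and caller_sees_success are hypothetical, and both the IS_ERR()-only caller and the ERR_PTR(0) shape of the bug are assumptions.

```c
/* Userspace model of the kernel error-pointer convention; all names are hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
/* Only the top MAX_ERRNO addresses count as errors; NULL does not. */
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct op_mode { int live; };
static struct op_mode instance;   /* constructed stand-in for the allocated object */
static int setup_work(int fail) { return fail ? -ENOMEM : 0; }

/* Buggy shape (assumed): err is still 0 on the cleanup path, so NULL is returned. */
static struct op_mode *start_buggy(int fail)
{
    int err = 0;
    if (setup_work(fail))
        goto out_free;
    instance.live = 1;
    return &instance;
out_free:
    instance.live = 0;            /* models freeing the object */
    return ERR_PTR(err);
}

/* Fixed shape: keep the error code so the caller sees a real error pointer. */
static struct op_mode *start_fixed(int fail)
{
    int err = setup_work(fail);
    if (err)
        goto out_free;
    instance.live = 1;
    return &instance;
out_free:
    instance.live = 0;
    return ERR_PTR(err);
}

/* Returns 1 when an IS_ERR()-only caller treats start as successful. */
static int caller_sees_success(struct op_mode *(*start)(int), int fail)
{ return !IS_ERR(start(fail)); }
int main(void)
{
    printf("buggy: caller sees success=%d\n", caller_sees_success(start_buggy, 1));
    printf("fixed: err=%ld\n", PTR_ERR(start_fixed(1)));
    return 0;
}
```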
Affected Version(s)
Linux c0e43c3f6c0a79381b468574c241065998412b7c < 991e2066f6009d3cb898413058c62dbcc92bd6d2
Linux 70a1b527eaea9430b1bd87de59f3b9f6bd225701 < 1d068272c21d886d06526454b68368100ba0a720
Linux 90a0d9f339960448a3acc1437a46730f975efd6a