CVE-2025-38420
Published: Jul 25, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is not yet created and an attempt to queue work on it causes null-ptr-deref. [1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected e4a668c59080f862af3ecc28b359533027cbe434 - < 0140d3d37f0f1759d1fdedd854c7875a86e15f8daffected e4a668c59080f862af3ecc28b359533027cbe434 - < 8a3734a6f4c05fd24605148f21fb2066690d61b3affected e4a668c59080f862af3ecc28b359533027cbe434 - < 527fad1ae32ffa2d4853a1425fe1c8dbb8c9744caffected e4a668c59080f862af3ecc28b359533027cbe434 - < bfeede26e97ce4a15a0b961118de4a0e28c9907aaffected e4a668c59080f862af3ecc28b359533027cbe434 - < 4e9ab5c48ad5153cc908dd29abad0cd2a92951e4+3 more versions |
Linux | Linux | affected 2.6.38unaffected 0 - < 2.6.38unaffected 5.4.295 - <= 5.4.*unaffected 5.10.239 - <= 5.10.*unaffected 5.15.186 - <= 5.15.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now