logo_clicknbuy.png

CVE-2025-21979 – “Linux Kernel WiFi cfg80211 Use-After-Free Vulnerability”

The following table lists the changes that have been made to the
CVE-2025-21979 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 01, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    wifi: cfg80211: cancel wiphy_work before freeing wiphy

    A wiphy_work can be queued from the moment the wiphy is allocated and
    initialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the
    rdev::wiphy_work is getting queued.

    If wiphy_free is called before the rdev::wiphy_work had a chance to run,
    the wiphy memory will be freed, and then when it eventally gets to run
    it’ll use invalid memory.

    Fix this by canceling the work before freeing the wiphy.
    Added Reference https://git.kernel.org/stable/c/0272d4af7f92997541d8bbf4c51918b93ded6ee2
    Added Reference https://git.kernel.org/stable/c/72d520476a2fab6f3489e8388ab524985d6c4b90
    Added Reference https://git.kernel.org/stable/c/75d262ad3c36d52852d764588fcd887f0fcd9138
    Added Reference https://git.kernel.org/stable/c/a5158d67bff06cb6fea31be39aeb319fd908ed8e
    Added Reference https://git.kernel.org/stable/c/dea22de162058216a90f2706f0d0b36f0ff309fd
Share the Post:

Related Posts