Security Advisory

CVE-2025-38420

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-25 14:16:41

Last updated 2026-05-11 21:27:38

Assigner Linux

State PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesnt pass ieee80211_register_hw(), an internal workqueue managed by ieee80211_queue_work() is not yet created and an attempt to queue work on it causes null-ptr-deref. [1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217

← Browse all CVEs View on cve.org ↗