CVE-2025-38009

MEDIUM EPSS 6.3%
Published Jun 18, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jun 18, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi before deleting it in mt76_dma_cleanup(). WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100 CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy) Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024 RIP: 0010:__netif_napi_del_locked+0xf0/0x100 Call Trace: <TASK> mt76_dma_cleanup+0x54/0x2f0 [mt76] mt7921_pci_remove+0xd5/0x190 [mt7921e] pci_device_remove+0x47/0xc0 device_release_driver_internal+0x19e/0x200 driver_detach+0x48/0x90 bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x2e/0xb0 __do_sys_delete_module.isra.0+0x197/0x2e0 do_syscall_64+0x7b/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e Tested with mt7921e but the same pattern can be actually applied to other mt76 drivers calling mt76_dma_cleanup() during removal. Tx napi is enabled in their *_dma_init() functions and only toggled off and on again inside their suspend/resume/reset paths. So it should be okay to disable tx napi in such a generic way. Found by Linux Verification Center (linuxtesting.org).

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥5.2  –  <5.10.238
linuxlinux_kernel*≥5.11  –  <5.15.184
linuxlinux_kernel*≥5.16  –  <6.1.140
linuxlinux_kernel*≥6.2  –  <6.6.92
linuxlinux_kernel*≥6.7  –  <6.12.30
linuxlinux_kernel*≥6.13  –  <6.14.8
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
linuxlinux_kernel6.15any
debiandebian_linux11.0any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5e700b06b970fc19e3a1ecb244e14785f3fbb8e3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/78ab4be549533432d97ea8989d2f00b508fa68d8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b892e830d1ea8c5475254b98827771f7366f1039
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ca5b213bf4b4224335a8131a26805d16503fca5f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7bfbda5fddd27f3158e723d641c0fcdfb0552a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff0f820fa5b99035b3c654dd531226d8d83aec5f
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
    Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5e700b06b970fc19e3a1ecb244e14785f3fbb8e3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/78ab4be549533432d97ea8989d2f00b508fa68d8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b892e830d1ea8c5475254b98827771f7366f1039
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ca5b213bf4b4224335a8131a26805d16503fca5f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e7bfbda5fddd27f3158e723d641c0fcdfb0552a7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ff0f820fa5b99035b3c654dd531226d8d83aec5f
    Patch