CVE-2025-38420

Severity: Medium · CVSS 3.1 base score 5.5 · EPSS 6.7%
Published Jul 25, 2025 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: carl9170: do not ping device which has failed to load firmware

Syzkaller reports [1, 2] crashes caused by an attempt to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is not yet created and an attempt to queue work on it causes null-ptr-deref.

[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff
[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
6.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 10

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥2.6.38 – <5.4.295
linux   linux_kernel  *        ≥5.5 – <5.10.239
linux   linux_kernel  *        ≥5.11 – <5.15.186
linux   linux_kernel  *        ≥5.16 – <6.1.142
linux   linux_kernel  *        ≥6.2 – <6.6.95
linux   linux_kernel  *        ≥6.7 – <6.12.35
linux   linux_kernel  *        ≥6.13 – <6.15.4
linux   linux_kernel  6.16     any
linux   linux_kernel  6.16     any
debian  debian_linux  11.0     any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/0140d3d37f0f1759d1fdedd854c7875a86e15f8d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/11ef72b3312752c2ff92f3c1e64912be3228ed36
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/15d25307692312cec4b57052da73387f91a2e870
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/301268dbaac8e9013719e162a000202eac8054be
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4e9ab5c48ad5153cc908dd29abad0cd2a92951e4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/527fad1ae32ffa2d4853a1425fe1c8dbb8c9744c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a3734a6f4c05fd24605148f21fb2066690d61b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bfeede26e97ce4a15a0b961118de4a0e28c9907a
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing List, Third Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0140d3d37f0f1759d1fdedd854c7875a86e15f8d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/11ef72b3312752c2ff92f3c1e64912be3228ed36
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/15d25307692312cec4b57052da73387f91a2e870
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/301268dbaac8e9013719e162a000202eac8054be
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4e9ab5c48ad5153cc908dd29abad0cd2a92951e4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/527fad1ae32ffa2d4853a1425fe1c8dbb8c9744c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8a3734a6f4c05fd24605148f21fb2066690d61b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bfeede26e97ce4a15a0b961118de4a0e28c9907a
    Patch