CVE-2025-21979: wifi: cfg80211: cancel wiphy_work before freeing wiphy
First published: Tue Apr 01 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel wiphy_work before freeing wiphy A wiphy_work can be queued from the moment the wiphy is allocated and initialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the rdev::wiphy_work is getting queued. If wiphy_free is called before the rdev::wiphy_work had a chance to run, the wiphy memory will be freed, and then when it eventally gets to run it'll use invalid memory. Fix this by canceling the work before freeing the wiphy.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=6.1.57<6.1.132 | |
| Linux Kernel | >=6.5<6.6.84 | |
| Linux Kernel | >=6.7<6.12.20 | |
| Linux Kernel | >=6.13<6.13.8 | |
| Linux Kernel | =6.14-rc1 | |
| Linux Kernel | =6.14-rc2 | |
| Linux Kernel | =6.14-rc3 | |
| Linux Kernel | =6.14-rc4 | |
| Linux Kernel | =6.14-rc5 | |
| Linux Kernel | =6.14-rc6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/0272d4af7f92997541d8bbf4c51918b93ded6ee2
- https://git.kernel.org/stable/c/75d262ad3c36d52852d764588fcd887f0fcd9138
- https://git.kernel.org/stable/c/a5158d67bff06cb6fea31be39aeb319fd908ed8e
- https://git.kernel.org/stable/c/dea22de162058216a90f2706f0d0b36f0ff309fd
- https://git.kernel.org/stable/c/72d520476a2fab6f3489e8388ab524985d6c4b90
Frequently Asked Questions
What is the severity of CVE-2025-21979?
CVE-2025-21979 is classified as a medium severity vulnerability impacting the Linux kernel.
How do I fix CVE-2025-21979?
To fix CVE-2025-21979, update to the latest version of the Linux kernel that includes the necessary patches.
What systems are affected by CVE-2025-21979?
CVE-2025-21979 affects various versions of the Linux kernel where the wifi cfg80211 subsystem is used.
What are the potential impacts of CVE-2025-21979?
If exploited, CVE-2025-21979 may lead to denial of service due to improper handling of wiphy_work structures.
Is CVE-2025-21979 publicly known?
Yes, CVE-2025-21979 has been publicly disclosed and documented for awareness and remediation.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/source
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- vendor/linux
- canonical/linux kernel
- version/linux kernel/6.1.57
- version/linux kernel/6.5
- version/linux kernel/6.7
- version/linux kernel/6.13
- version/linux kernel/6.14-rc1
- version/linux kernel/6.14-rc2
- version/linux kernel/6.14-rc3
- version/linux kernel/6.14-rc4
- version/linux kernel/6.14-rc5
- version/linux kernel/6.14-rc6