CVE-2025-22119

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: cfg80211: init wiphy_work before allocating rfkill fails<br /> <br /> syzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1]<br /> <br /> After rfkill allocation fails, the wiphy release process will be performed,<br /> which will cause cfg80211_dev_free to access the uninitialized wiphy_work<br /> related data.<br /> <br /> Move the initialization of wiphy_work to before rfkill initialization to<br /> avoid this issue.<br /> <br /> [1]<br /> INFO: trying to register non-static key.<br /> The code is fine but needs lockdep annotation, or maybe<br /> you didn&amp;#39;t initialize this object before use?<br /> turning off the locking correctness validator.<br /> CPU: 0 UID: 0 PID: 5935 Comm: syz-executor550 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0<br /> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014<br /> Call Trace:<br /> <br /> __dump_stack lib/dump_stack.c:94 [inline]<br /> dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120<br /> assign_lock_key kernel/locking/lockdep.c:983 [inline]<br /> register_lock_class+0xc39/0x1240 kernel/locking/lockdep.c:1297<br /> __lock_acquire+0x135/0x3c40 kernel/locking/lockdep.c:5103<br /> lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851<br /> __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]<br /> _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162<br /> cfg80211_dev_free+0x30/0x3d0 net/wireless/core.c:1196<br /> device_release+0xa1/0x240 drivers/base/core.c:2568<br /> kobject_cleanup lib/kobject.c:689 [inline]<br /> kobject_release lib/kobject.c:720 [inline]<br /> kref_put include/linux/kref.h:65 [inline]<br /> kobject_put+0x1e4/0x5a0 lib/kobject.c:737<br /> put_device+0x1f/0x30 drivers/base/core.c:3774<br /> wiphy_free net/wireless/core.c:1224 [inline]<br /> wiphy_new_nm+0x1c1f/0x2160 net/wireless/core.c:562<br /> ieee80211_alloc_hw_nm+0x1b7a/0x2260 net/mac80211/main.c:835<br /> mac80211_hwsim_new_radio+0x1d6/0x54e0 drivers/net/wireless/virtual/mac80211_hwsim.c:5185<br /> hwsim_new_radio_nl+0xb42/0x12b0 drivers/net/wireless/virtual/mac80211_hwsim.c:6242<br /> genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115<br /> genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]<br /> genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210<br /> netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2533<br /> genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219<br /> netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]<br /> netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1338<br /> netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1882<br /> sock_sendmsg_nosec net/socket.c:718 [inline]<br /> __sock_sendmsg net/socket.c:733 [inline]<br /> ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2573<br /> ___sys_sendmsg+0x135/0x1e0 net/socket.c:2627<br /> __sys_sendmsg+0x16e/0x220 net/socket.c:2659<br /> do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br /> do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83<br /> <br /> Close: https://syzkaller.appspot.com/bug?extid=aaf0488c83d1d5f4f029