CVE-2025-71229
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/02/2026
Last modified:
23/02/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()<br />
<br />
rtw_core_enable_beacon() reads 4 bytes from an address that is not a<br />
multiple of 4. This results in a crash on some systems.<br />
<br />
Do 1 byte reads/writes instead.<br />
<br />
Unable to handle kernel paging request at virtual address ffff8000827e0522<br />
Mem abort info:<br />
ESR = 0x0000000096000021<br />
EC = 0x25: DABT (current EL), IL = 32 bits<br />
SET = 0, FnV = 0<br />
EA = 0, S1PTW = 0<br />
FSC = 0x21: alignment fault<br />
Data abort info:<br />
ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000<br />
CM = 0, WnR = 0, TnD = 0, TagAccess = 0<br />
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0<br />
swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000005492000<br />
[ffff8000827e0522] pgd=0000000000000000, p4d=10000001021d9403, pud=10000001021da403, pmd=100000011061c403, pte=00780000f3200f13<br />
Internal error: Oops: 0000000096000021 [#1] SMP<br />
Modules linked in: [...] rtw88_8822ce rtw88_8822c rtw88_pci rtw88_core [...]<br />
CPU: 0 UID: 0 PID: 73 Comm: kworker/u32:2 Tainted: G W 6.17.9 #1-NixOS VOLUNTARY<br />
Tainted: [W]=WARN<br />
Hardware name: FriendlyElec NanoPC-T6 LTS (DT)<br />
Workqueue: phy0 rtw_c2h_work [rtw88_core]<br />
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br />
pc : rtw_pci_read32+0x18/0x40 [rtw88_pci]<br />
lr : rtw_core_enable_beacon+0xe0/0x148 [rtw88_core]<br />
sp : ffff800080cc3ca0<br />
x29: ffff800080cc3ca0 x28: ffff0001031fc240 x27: ffff000102100828<br />
x26: ffffd2cb7c9b4088 x25: ffff0001031fc2c0 x24: ffff000112fdef00<br />
x23: ffff000112fdef18 x22: ffff000111c29970 x21: 0000000000000001<br />
x20: 0000000000000001 x19: ffff000111c22040 x18: 0000000000000000<br />
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000<br />
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000<br />
x11: 0000000000000000 x10: 0000000000000000 x9 : ffffd2cb6507c090<br />
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000<br />
x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000<br />
x2 : 0000000000007f10 x1 : 0000000000000522 x0 : ffff8000827e0522<br />
Call trace:<br />
rtw_pci_read32+0x18/0x40 [rtw88_pci] (P)<br />
rtw_hw_scan_chan_switch+0x124/0x1a8 [rtw88_core]<br />
rtw_fw_c2h_cmd_handle+0x254/0x290 [rtw88_core]<br />
rtw_c2h_work+0x50/0x98 [rtw88_core]<br />
process_one_work+0x178/0x3f8<br />
worker_thread+0x208/0x418<br />
kthread+0x120/0x220<br />
ret_from_fork+0x10/0x20<br />
Code: d28fe202 8b020000 f9524400 8b214000 (b9400000)<br />
---[ end trace 0000000000000000 ]---
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0177aa828d966117ea30a44f2e1890fdb356118e
- https://git.kernel.org/stable/c/13394550441557115bb74f6de9778c165755a7ab
- https://git.kernel.org/stable/c/653f8b6a091538b084715f259900f62c2ec1c6cf
- https://git.kernel.org/stable/c/71dee092903adb496fe1f357b267d94087b679e0
- https://git.kernel.org/stable/c/7d31dde1bd8678115329e46dc8d7afb63c176b74