CVE-2025-21730

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed<br /> <br /> If WoWLAN failed in resume flow, the rtw89_ops_add_interface() triggered<br /> without removing the interface first. Then the mgnt_entry list init again,<br /> causing the list_empty() check in rtw89_chanctx_ops_assign_vif()<br /> useless, and list_add_tail() again. Therefore, we have added a check to<br /> prevent double adding of the list.<br /> <br /> rtw89_8852ce 0000:01:00.0: failed to check wow status disabled<br /> rtw89_8852ce 0000:01:00.0: wow: failed to check disable fw ready<br /> rtw89_8852ce 0000:01:00.0: wow: failed to swap to normal fw<br /> rtw89_8852ce 0000:01:00.0: failed to disable wow<br /> rtw89_8852ce 0000:01:00.0: failed to resume for wow -110<br /> rtw89_8852ce 0000:01:00.0: MAC has already powered on<br /> i2c_hid_acpi i2c-ILTK0001:00: PM: acpi_subsys_resume+0x0/0x60 returned 0 after 284705 usecs<br /> list_add corruption. prev-&gt;next should be next (ffff9d9719d82228), but was ffff9d9719f96030. (prev=ffff9d9719f96030).<br /> ------------[ cut here ]------------<br /> kernel BUG at lib/list_debug.c:34!<br /> invalid opcode: 0000 [#1] PREEMPT SMP NOPTI<br /> CPU: 2 PID: 6918 Comm: kworker/u8:19 Tainted: G U O<br /> Hardware name: Google Anraggar/Anraggar, BIOS Google_Anraggar.15217.514.0 03/25/2024<br /> Workqueue: events_unbound async_run_entry_fn<br /> RIP: 0010:__list_add_valid_or_report+0x9f/0xb0<br /> Code: e8 56 89 ff ff 0f 0b 48 c7 c7 3e fc e0 96 48 89 c6 e8 45 89 ff ...<br /> RSP: 0018:ffffa51b42bbbaf0 EFLAGS: 00010246<br /> RAX: 0000000000000075 RBX: ffff9d9719d82ab0 RCX: 13acb86e047a4400<br /> RDX: 3fffffffffffffff RSI: 0000000000000000 RDI: 00000000ffffdfff<br /> RBP: ffffa51b42bbbb28 R08: ffffffff9768e250 R09: 0000000000001fff<br /> R10: ffffffff9765e250 R11: 0000000000005ffd R12: ffff9d9719f95c40<br /> R13: ffff9d9719f95be8 R14: ffff9d97081bfd78 R15: ffff9d9719d82060<br /> FS: 0000000000000000(0000) GS:ffff9d9a6fb00000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007e7d029a4060 CR3: 0000000345e38000 CR4: 0000000000750ee0<br /> PKRU: 55555554<br /> Call Trace:<br /> <br /> ? __die_body+0x68/0xb0<br /> ? die+0xaa/0xd0<br /> ? do_trap+0x9f/0x170<br /> ? __list_add_valid_or_report+0x9f/0xb0<br /> ? __list_add_valid_or_report+0x9f/0xb0<br /> ? handle_invalid_op+0x69/0x90<br /> ? __list_add_valid_or_report+0x9f/0xb0<br /> ? exc_invalid_op+0x3c/0x50<br /> ? asm_exc_invalid_op+0x16/0x20<br /> ? __list_add_valid_or_report+0x9f/0xb0<br /> rtw89_chanctx_ops_assign_vif+0x1f9/0x210 [rtw89_core cbb375c44bf28564ce479002bff66617a25d9ac1]<br /> ? __mutex_unlock_slowpath+0xa0/0xf0<br /> rtw89_ops_assign_vif_chanctx+0x4b/0x90 [rtw89_core cbb375c44bf28564ce479002bff66617a25d9ac1]<br /> drv_assign_vif_chanctx+0xa7/0x1f0 [mac80211 6efaad16237edaaea0868b132d4f93ecf918a8b6]<br /> ieee80211_reconfig+0x9cb/0x17b0 [mac80211 6efaad16237edaaea0868b132d4f93ecf918a8b6]<br /> ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 572d03acaaa933fe38251be7fce3b3675284b8ed]<br /> ? dev_printk_emit+0x51/0x70<br /> ? _dev_info+0x6e/0x90<br /> wiphy_resume+0x89/0x180 [cfg80211 572d03acaaa933fe38251be7fce3b3675284b8ed]<br /> ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 572d03acaaa933fe38251be7fce3b3675284b8ed]<br /> dpm_run_callback+0x37/0x1e0<br /> device_resume+0x26d/0x4b0<br /> ? __pfx_dpm_watchdog_handler+0x10/0x10<br /> async_resume+0x1d/0x30<br /> async_run_entry_fn+0x29/0xd0<br /> worker_thread+0x397/0x970<br /> kthread+0xed/0x110<br /> ? __pfx_worker_thread+0x10/0x10<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork+0x38/0x50<br /> ? __pfx_kthread+0x10/0x10<br /> ret_from_fork_asm+0x1b/0x30<br />