CVE-2025-37897
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 20/05/2025
Last modified: 19/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release

plfxlc_mac_release() asserts that mac->lock is held. This assertion is
incorrect, because even if it was possible, it would not be the valid
behaviour. The function is used when probe fails or after the device is
disconnected. In both cases mac->lock can not be held as the driver is
not working with the device at the moment. All functions that use mac->lock
unlock it just after it was held. There is also no need to hold mac->lock
for plfxlc_mac_release() itself, as mac data is not affected, except for
mac->flags, which is modified atomically.

This bug leads to the following warning:

```
================================================================
WARNING: CPU: 0 PID: 127 at drivers/net/wireless/purelifi/plfxlc/mac.c:106 plfxlc_mac_release+0x7d/0xa0
Modules linked in:
CPU: 0 PID: 127 Comm: kworker/0:2 Not tainted 6.1.124-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: usb_hub_wq hub_event
RIP: 0010:plfxlc_mac_release+0x7d/0xa0 drivers/net/wireless/purelifi/plfxlc/mac.c:106
Call Trace:
probe+0x941/0xbd0 drivers/net/wireless/purelifi/plfxlc/usb.c:694
usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
driver_probe_device+0x50/0x420 drivers/base/dd.c:815
__device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
__device_attach+0x359/0x570 drivers/base/dd.c:1015
bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
device_add+0xb48/0xfd0 drivers/base/core.c:3696
usb_set_configuration+0x19dd/0x2020 drivers/usb/core/message.c:2165
usb_generic_driver_probe+0x84/0x140 drivers/usb/core/generic.c:238
usb_probe_device+0x130/0x260 drivers/usb/core/driver.c:293
really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
driver_probe_device+0x50/0x420 drivers/base/dd.c:815
__device_attach_driver+0x2cf/0x510 drivers/base/dd.c:943
bus_for_each_drv+0x183/0x200 drivers/base/bus.c:429
__device_attach+0x359/0x570 drivers/base/dd.c:1015
bus_probe_device+0xba/0x1e0 drivers/base/bus.c:489
device_add+0xb48/0xfd0 drivers/base/core.c:3696
usb_new_device+0xbdd/0x18f0 drivers/usb/core/hub.c:2620
hub_port_connect drivers/usb/core/hub.c:5477 [inline]
hub_port_connect_change drivers/usb/core/hub.c:5617 [inline]
port_event drivers/usb/core/hub.c:5773 [inline]
hub_event+0x2efe/0x5730 drivers/usb/core/hub.c:5855
process_one_work+0x8a9/0x11d0 kernel/workqueue.c:2292
worker_thread+0xa47/0x1200 kernel/workqueue.c:2439
kthread+0x28d/0x320 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
================================================================
```

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.19 (including) | 6.1.138 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.90 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.28 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.14.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.15:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | | |
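
A triage helper built from the version table and the warning quoted in the description, added here as an example (it is not code from this advisory or from the kernel project). It checks an upstream-style release string against the listed ranges and picks the `plfxlc_mac_release` warning header out of kernel log lines; the function names and the sample log are constructed for illustration.

```python
import re

# Upstream ranges from the "Vulnerable products and versions" table above:
# (first affected, first fixed); lower bound inclusive, upper bound exclusive.
AFFECTED_RANGES = [
    ((5, 19, 0), (6, 1, 138)),
    ((6, 2, 0), (6, 6, 90)),
    ((6, 7, 0), (6, 12, 28)),
    ((6, 13, 0), (6, 14, 6)),
]
AFFECTED_RCS = {"6.15-rc1", "6.15-rc2", "6.15-rc3", "6.15-rc4"}

RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(rc\d+))?")
# Header line of the warning quoted in the description; offsets vary per build.
WARN_RE = re.compile(r"WARNING: .*\bplfxlc_mac_release\+0x[0-9a-f]+/0x[0-9a-f]+")


def is_affected(release):
    """Check an upstream-style release string (e.g. from `uname -r`).

    Assumption: the kernel follows kernel.org numbering. Distribution kernels
    backport fixes, so for those consult the vendor advisory instead.
    """
    m = RELEASE_RE.match(release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = int(m[1]), int(m[2]), int(m[3] or 0), m[4]
    if rc and f"{major}.{minor}-{rc}" in AFFECTED_RCS:
        return True
    version = (major, minor, -1 if rc else patch)  # an -rc sorts before X.Y.0
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


def find_warnings(log_lines):
    """Return the log lines that are the plfxlc_mac_release WARNING header."""
    return [line for line in log_lines if WARN_RE.search(line)]


# Constructed sample: dmesg-style lines built from the trace in the description.
SAMPLE_LOG = [
    "[   41.902114] usb 1-1: new high-speed USB device number 2 using xhci_hcd",
    "[   42.113370] WARNING: CPU: 0 PID: 127 at drivers/net/wireless/purelifi/"
    "plfxlc/mac.c:106 plfxlc_mac_release+0x7d/0xa0",
    "[   42.113402] RIP: 0010:plfxlc_mac_release+0x7d/0xa0",
]

if __name__ == "__main__":
    for rel in ("6.1.124-syzkaller", "6.1.138", "6.15.0-rc3"):
        print(rel, "affected" if is_affected(rel) else "not affected")
    print(find_warnings(SAMPLE_LOG))
```

A version match only indicates exposure where the plfxlc driver is built and a matching USB device can be probed or disconnected, since those are the paths the description names.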
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0fb15ae3b0a9221be01715dac0335647c79f3362
- https://git.kernel.org/stable/c/36a9a2647810e57e704dde59abdf831380ca9102
- https://git.kernel.org/stable/c/791a2d9e87c411aec0b9b2fb735fd15e48af9de9
- https://git.kernel.org/stable/c/93d646911be1e5be20d4f5d6c48359464cef0097
- https://git.kernel.org/stable/c/9ecb4af39f80cdda3e57825923243ec11e48be6b
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html



