CVE-2025-38643

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 22/08/2025
Last modified: 01/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()

Callers of wdev_chandef() must hold the wiphy mutex.

But the worker cfg80211_propagate_cac_done_wk() never takes the lock.
Which triggers the warning below with the mesh_peer_connected_dfs
test from hostapd and not (yet) released mac80211 code changes:

WARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdev_chandef+0x60/0x165
Modules linked in:
CPU: 0 UID: 0 PID: 495 Comm: kworker/u4:2 Not tainted 6.14.0-rc5-wt-g03960e6f9d47 #33 13c287eeabfe1efea01c0bcc863723ab082e17cf
Workqueue: cfg80211 cfg80211_propagate_cac_done_wk
Stack:
 00000000 00000001 ffffff00 6093267c
 00000000 6002ec30 6d577c50 60037608
 00000000 67e8d108 6063717b 00000000
Call Trace:
 [] ? _printk+0x0/0x98
 [] show_stack+0x10e/0x11a
 [] ? _printk+0x0/0x98
 [] dump_stack_lvl+0x71/0xb8
 [] ? wdev_chandef+0x60/0x165
 [] dump_stack+0x1e/0x20
 [] __warn+0x101/0x20f
 [] warn_slowpath_fmt+0xe3/0x15d
 [] ? mark_lock.part.0+0x0/0x4ec
 [] ? __this_cpu_preempt_check+0x0/0x16
 [] ? mark_held_locks+0x5a/0x6e
 [] ? warn_slowpath_fmt+0x0/0x15d
 [] ? unblock_signals+0x3a/0xe7
 [] ? um_set_signals+0x2d/0x43
 [] ? __this_cpu_preempt_check+0x0/0x16
 [] ? lock_is_held_type+0x207/0x21f
 [] wdev_chandef+0x60/0x165
 [] regulatory_propagate_dfs_state+0x247/0x43f
 [] ? um_set_signals+0x0/0x43
 [] cfg80211_propagate_cac_done_wk+0x3a/0x4a
 [] process_scheduled_works+0x3bc/0x60e
 [] ? move_linked_works+0x4d/0x81
 [] ? assign_work+0x0/0xaa
 [] worker_thread+0x220/0x2dc
 [] ? set_pf_worker+0x0/0x57
 [] ? to_kthread+0x0/0x43
 [] kthread+0x2d3/0x2e2
 [] ? worker_thread+0x0/0x2dc
 [] ? calculate_sigpending+0x0/0x56
 [] new_thread_handler+0x4a/0x64
irq event stamp: 614611
hardirqs last enabled at (614621): [] __up_console_sem+0x82/0xaf
hardirqs last disabled at (614630): [] __up_console_sem+0x43/0xaf
softirqs last enabled at (614268): [] __ieee80211_wake_queue+0x933/0x985
softirqs last disabled at (614266): [] __ieee80211_wake_queue+0x643/0x985

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.14.170 (including) 4.15 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 4.19.102 (including) 4.20 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.4.18 (including) 5.5 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 5.5.1 (including) 6.6.118 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.57 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.15.10 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.16 (including) 6.16.1 (excluding)
cpe:2.3:o:linux:linux_kernel:5.5:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.5:rc7:*:*:*:*:*:*
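
A version check against the ranges in the table above, as an added example that is not part of the original advisory; the host names and inventory are constructed, and comparing a release candidate as its base version is an assumption. It compares upstream version numbers only, so a distribution kernel that backports the fix will still be flagged and needs its vendor advisory checked.

```python
import re

# Ranges copied from the table above: "From" is inclusive, "Up to" is exclusive.
AFFECTED_RANGES = [
    ((4, 14, 170), (4, 15, 0)),
    ((4, 19, 102), (4, 20, 0)),
    ((5, 4, 18), (5, 5, 0)),
    ((5, 5, 1), (6, 6, 118)),
    ((6, 7, 0), (6, 12, 57)),
    ((6, 13, 0), (6, 15, 10)),
    ((6, 16, 0), (6, 16, 1)),
]
# Single-version CPE entries from the table: the 5.5 release and 5.5-rc7.
AFFECTED_EXACT = {((5, 5, 0), None), ((5, 5, 0), "rc7")}

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(rc\d+))?")


def parse_release(release):
    """Parse a `uname -r` style string into ((major, minor, patch), rc_tag)."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), rc


def is_listed_as_affected(release):
    """True if the upstream version falls in a range listed for CVE-2025-38643."""
    version, rc = parse_release(release)
    if (version, rc) in AFFECTED_EXACT:
        return True
    # Assumption: a release candidate is compared as its base version.
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def flag_hosts(inventory):
    """Return the hosts whose reported release is listed as affected, sorted."""
    return sorted(h for h, rel in inventory.items() if is_listed_as_affected(rel))


# Constructed inventory (host names and releases are sample values).
SAMPLE_INVENTORY = {
    "ap-mesh-01": "6.14.0-rc5-wt-g03960e6f9d47",
    "ap-mesh-02": "6.16.1",
    "gw-edge-01": "6.6.117",
    "gw-edge-02": "6.12.57",
}

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_INVENTORY))
```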