CVE-2025-38656

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_work() fails. The current code returns ERR_PTR(0) (which is NULL) on this path. I believe the missing error code potentially leads to a use after free involving debugfs.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1d068272c21d886d06526454b68368100ba0a720	Patch
https://git.kernel.org/stable/c/991e2066f6009d3cb898413058c62dbcc92bd6d2	Patch
https://git.kernel.org/stable/c/cf80c02a9fdb6c5bc8508beb6a0f6a1294fc32f6	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

26 Nov 2025, 16:32

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/1d068272c21d886d06526454b68368100ba0a720 -~~	() https://git.kernel.org/stable/c/1d068272c21d886d06526454b68368100ba0a720 - Patch
References	~~() https://git.kernel.org/stable/c/991e2066f6009d3cb898413058c62dbcc92bd6d2 -~~	() https://git.kernel.org/stable/c/991e2066f6009d3cb898413058c62dbcc92bd6d2 - Patch
References	~~() https://git.kernel.org/stable/c/cf80c02a9fdb6c5bc8508beb6a0f6a1294fc32f6 -~~	() https://git.kernel.org/stable/c/cf80c02a9fdb6c5bc8508beb6a0f6a1294fc32f6 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: Se corrige el código de error en iwl_op_mode_dvm_start(). Se conserva el código de error si iwl_setup_deferred_work() falla. El código actual devuelve ERR_PTR(0) (que es NULL) en esta ruta. Creo que la falta del código de error podría provocar un uso posterior a la liberación que involucre debugfs.
First Time		Linux Linux linux Kernel
CWE		CWE-416

22 Aug 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-22 16:15

Updated : 2025-11-26 16:32

NVD link : CVE-2025-38656

Mitre link : CVE-2025-38656

CVE.ORG link : CVE-2025-38656

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-416

Use After Free

7.8 /10