← back
CVE-2025-38420

wifi: carl9170: do not ping device which has failed to load firmware

3Vexday Risk Score

No sign of exploitation. No public exploitation artifact known so far.

ssvc Trackepss 0.2%
exploitation probability
0.2%top 93% of all CVEs
observed exploitation
nono source reports it
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: do not ping device which has failed to load firmware Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is not yet created and an attempt to queue work on it causes null-ptr-deref. [1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217
Affected products
Linux · Linux