
CVE-2025-38420

In the Linux kernel, the following vulnerability has been resolved:

wifi: carl9170: do not ping device which has failed to load firmware

Syzkaller reports [1, 2] crashes caused by an attempt to ping
the device which has failed to load firmware. Since such a device
doesn't pass 'ieee80211_register_hw()', an internal workqueue
managed by 'ieee80211_queue_work()' is not yet created and an
attempt to queue work on it causes null-ptr-deref.

[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff
[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected

Version range | Version | Status
< 0140d3d37f0f1759d1fdedd854c7875a86e15f8d | e4a668c59080f862af3ecc28b359533027cbe434 | affected
< 8a3734a6f4c05fd24605148f21fb2066690d61b3 | e4a668c59080f862af3ecc28b359533027cbe434 | affected
< 527fad1ae32ffa2d4853a1425fe1c8dbb8c9744c | e4a668c59080f862af3ecc28b359533027cbe434 | affected
< bfeede26e97ce4a15a0b961118de4a0e28c9907a | e4a668c59080f862af3ecc28b359533027cbe434 | affected
< 4e9ab5c48ad5153cc908dd29abad0cd2a92951e4 | e4a668c59080f862af3ecc28b359533027cbe434 | affected
< 301268dbaac8e9013719e162a000202eac8054be | e4a668c59080f862af3ecc28b359533027cbe434 | affected
< 11ef72b3312752c2ff92f3c1e64912be3228ed36 | e4a668c59080f862af3ecc28b359533027cbe434 | affected
< 15d25307692312cec4b57052da73387f91a2e870 | e4a668c59080f862af3ecc28b359533027cbe434 | affected

Vendor: Linux
Product: Linux
Default status: affected

Version range | Version | Status
(none) | 2.6.38 | affected
< 2.6.38 | 0 | unaffected
<= 5.4.* | 5.4.295 | unaffected
<= 5.10.* | 5.10.239 | unaffected
<= 5.15.* | 5.15.186 | unaffected
<= 6.1.* | 6.1.142 | unaffected
<= 6.6.* | 6.6.95 | unaffected
<= 6.12.* | 6.12.35 | unaffected
<= 6.15.* | 6.15.4 | unaffected
<= * | 6.16 | unaffected

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.04% | 0.103

CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String