7.8
CVE-2025-38656
- EPSS 0.15%
- Veröffentlicht 22.08.2025 16:00:59
- Zuletzt bearbeitet 26.11.2025 16:32:12
- CVE-Watchlists
- Unerledigt
wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_work() fails. The current code returns ERR_PTR(0) (which is NULL) on this path. I believe the missing error code potentially leads to a use after free involving debugfs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.4.297 < 5.5
Linux ≫ Linux Kernel Version >= 5.10.241 < 5.11
Linux ≫ Linux Kernel Version >= 5.15.190 < 5.16
Linux ≫ Linux Kernel Version >= 6.1.148 < 6.2
Linux ≫ Linux Kernel Version >= 6.6.102 < 6.7
Linux ≫ Linux Kernel Version >= 6.12.42 < 6.13
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.044 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://git.kernel.org/stable/c/991e2066f6009d3cb898413058c62dbcc92bd6d2
https://git.kernel.org/stable/c/1d068272c21d886d06526454b68368100ba0a720
https://git.kernel.org/stable/c/cf80c02a9fdb6c5bc8508beb6a0f6a1294fc32f6