Linux · Linux Kernel · CVE-2021-47349
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 5.12.4
**Description**
A deadlock vulnerability has been resolved in the Linux kernel. The issue occurs when the `cfg80211_unregister_wdev()` function is called while the link is still up, causing a deadlock due to the `wiphy` lock being held. This can happen when the driver is removed or when the firmware is reset. The `nl80211_del_interface()` function already handles a similar case by bringing down the link before deleting the interface. To resolve this issue, the `mwifiex` teardown process has been modified to bring down the link before deleting the interface.
**Recommendations**
To resolve this issue, update the Linux kernel to a version later than 5.12.4.
Note: The provided information does not specify the exact version that contains the fix, so it is recommended to update to the latest available version.
As a temporary workaround, consider disabling the `mwifiex` driver until a patch is available. However, this may have significant implications for wireless connectivity and should be carefully considered before implementation.
It is also recommended to restrict access to the vulnerable `mwifiex` module to minimize the risk of exploitation.
Avoid using the `cfg80211_unregister_wdev()` function in the affected kernel versions until the issue is resolved.
At the moment, there is no other information about additional mitigation measures.
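A triage sketch for the version boundary and `mwifiex` recommendations above, added here as an example and not part of the original advisory. The function names and status words are illustrative, and the module list is assumed to come from `/proc/modules`; distribution kernels may backport the fix, so a release below 5.12.4 is a prompt to check the vendor changelog rather than proof of exposure.

```sh
#!/bin/sh
# Added triage example (not from the advisory): reports whether the kernel
# release is below the advisory's 5.12.4 boundary and whether an mwifiex
# module is loaded. A version match is a heuristic, not proof of exposure.

BOUNDARY="5.12.4"   # version stated in the advisory

# "5.10.0-28-amd64" -> "5.10.0"; prints nothing if no leading version.
base_version() {
    printf '%s\n' "$1" | sed -nE 's/^([0-9]+(\.[0-9]+){0,2}).*/\1/p'
}

# Succeeds when dotted version $1 is strictly lower than $2
# (missing fields compare as 0, so "5.13" is treated as 5.13.0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# $1 is the text of /proc/modules; matches mwifiex and its bus variants
# (mwifiex_pcie, mwifiex_sdio, mwifiex_usb).
mwifiex_loaded() {
    printf '%s\n' "$1" | grep -Eq '^mwifiex(_[a-z0-9]+)? '
}

# assess <kernel-release> <modules-text> -> one status word on stdout
assess() {
    _v=$(base_version "$1")
    if [ -z "$_v" ]; then echo "unknown-version"; return 0; fi
    if ! version_lt "$_v" "$BOUNDARY"; then
        echo "at-or-above-boundary"; return 0
    fi
    if mwifiex_loaded "$2"; then echo "below-boundary-mwifiex-loaded"
    else echo "below-boundary-mwifiex-not-loaded"; fi
}

# Inspect the live host only when asked to: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    assess "$(uname -r)" "$(cat /proc/modules 2>/dev/null || true)"
fi
```

Hosts reporting `below-boundary-mwifiex-loaded` are the ones to prioritise for the kernel update or the driver workaround described above.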