PT-2025-16759 · Linux+6 · Linux Kernel+6

Syzbort

·

Published

2025-03-18

·

Updated

2026-03-13

·

CVE-2025-22119

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-rc6-syzkaller-00103-g4003c9e78778
Description A vulnerability in the Linux kernel has been resolved, related to the initialization of wiphy work before allocating rfkill. If rfkill allocation fails, the wiphy release process will be performed, causing cfg80211 dev free to access uninitialized wiphy work related data. The issue is fixed by moving the initialization of wiphy work to before rfkill initialization.
Recommendations For Linux kernel versions prior to 6.14.0-rc6-syzkaller-00103-g4003c9e78778, update to a newer version to resolve the issue. As a temporary workaround, consider disabling the cfg80211 dev free function until a patch is available. Restrict access to the vulnerable wiphy module to minimize the risk of exploitation. Avoid using the wiphy work variable in the affected API endpoints until the issue is resolved.

Exploit

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

BDU:2025-15114
CVE-2025-22119
DLA-4328-1
DSA-5973-1
ECHO-1B40-B680-666D
MGASA-2025-0142
MGASA-2025-0146
RHSA-2025:20095
RHSA-2025:20518
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:02254-1
SUSE-SU-2025:02307-1
SUSE-SU-2025:02333-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_02000-1
SUSE-SU-2025_02254-1
SUSE-SU-2025_02307-1
SUSE-SU-2025_02333-1
USN-7594-1
USN-7594-2
USN-7594-3

Affected Products

Astra Linux
Debian
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu