CVE-2025-21979
📋 TL;DR
This is a use-after-free vulnerability in the Linux kernel's WiFi subsystem (cfg80211). When a wireless interface (wiphy) is freed before a scheduled work item (wiphy_work) runs, the work item may access freed memory, potentially leading to kernel crashes or code execution. This affects Linux systems using the cfg80211 WiFi framework.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential kernel code execution with root privileges, resulting in complete system compromise.
Likely Case
Kernel panic causing system instability or crashes, requiring reboot to restore functionality.
If Mitigated
System remains stable with no impact if patched or if specific conditions aren't met.
🎯 Exploit Status
Exploitation requires triggering specific timing conditions between wiphy_free and wiphy_work execution. Likely requires local access or ability to interact with WiFi subsystem.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 0272d4af7f92997541d8bbf4c51918b93ded6ee2, 72d520476a2fab6f3489e8388ab524985d6c4b90, 75d262ad3c36d52852d764588fcd887f0fcd9138, 8930a3e1568cf534f86c8ed2def817c6d0528fc1, a5158d67bff06cb6fea31be39aeb319fd908ed8e
Vendor Advisory: https://git.kernel.org/stable/c/0272d4af7f92997541d8bbf4c51918b93ded6ee2
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. For distributions: Use package manager (apt/yum/dnf) to update kernel package. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable WiFi interfaces
linuxDisable WiFi hardware to prevent cfg80211 subsystem from being used
sudo ip link set wlan0 down
sudo rfkill block wifi
Remove WiFi kernel modules
linuxUnload WiFi-related kernel modules to disable vulnerable subsystem
sudo modprobe -r cfg80211
sudo modprobe -r mac80211
🧯 If You Can't Patch
- Disable WiFi interfaces completely using rfkill or network configuration
- Implement strict access controls to prevent unauthorized users from interacting with WiFi subsystem
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if it includes the fix commits. Use: git log --oneline | grep -E '0272d4af7f9|72d520476a2|75d262ad3c3|8930a3e1568|a5158d67bff'Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and includes the fix commits. Check that WiFi functionality still works properly after patch.📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages in /var/log/kern.log or dmesg
- OOPs (kernel crash) messages related to cfg80211 or WiFi subsystem
- System crashes or reboots after WiFi operations
Network Indicators:
- Unusual WiFi interface state changes
- Multiple WiFi interface resets
SIEM Query:
source="kernel" AND ("panic" OR "Oops" OR "BUG") AND ("cfg80211" OR "wiphy" OR "WiFi")🔗 References
- https://git.kernel.org/stable/c/0272d4af7f92997541d8bbf4c51918b93ded6ee2
- https://git.kernel.org/stable/c/72d520476a2fab6f3489e8388ab524985d6c4b90
- https://git.kernel.org/stable/c/75d262ad3c36d52852d764588fcd887f0fcd9138
- https://git.kernel.org/stable/c/8930a3e1568cf534f86c8ed2def817c6d0528fc1
- https://git.kernel.org/stable/c/a5158d67bff06cb6fea31be39aeb319fd908ed8e
- https://git.kernel.org/stable/c/dea22de162058216a90f2706f0d0b36f0ff309fd
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
