CVE-2025-22119
📋 TL;DR
A race condition vulnerability in the Linux kernel's cfg80211 WiFi subsystem where wiphy_work_lock is accessed before proper initialization when rfkill allocation fails. This can cause kernel lockdep warnings or potential crashes during WiFi device initialization. Affects Linux systems using the cfg80211 WiFi subsystem.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash during WiFi device initialization, leading to denial of service.
Likely Case
Kernel lockdep warnings and potential system instability during WiFi operations, particularly when creating/destroying WiFi interfaces.
If Mitigated
Minor performance impact from lockdep validation being disabled, but system remains functional.
🎯 Exploit Status
Discovered via syzkaller fuzzing. Exploitation requires triggering rfkill allocation failure during WiFi device setup.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in Linux kernel stable commits: 2617f60c3613, 60606efbf525, 7e6040853f5b, b679fe84cd5c, eeacfbab9842
Vendor Advisory: https://git.kernel.org/stable/c/2617f60c3613ef105b8db2d514d2cac2a1836f7d
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix. 2. Check distribution-specific security advisories. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable vulnerable WiFi drivers
linuxPrevent loading of cfg80211-based WiFi drivers to avoid triggering the vulnerability
echo 'blacklist cfg80211' >> /etc/modprobe.d/blacklist.conf
update-initramfs -u
🧯 If You Can't Patch
- Restrict access to WiFi configuration tools to privileged users only
- Monitor system logs for lockdep warnings related to cfg80211_dev_free
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if it contains the fix commits. Run: uname -r and compare with distribution security advisories.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and check dmesg for absence of lockdep warnings related to cfg80211_dev_free📡 Detection & Monitoring
Log Indicators:
- Kernel lockdep warnings mentioning cfg80211_dev_free
- Messages about uninitialized wiphy_work_lock
- WiFi initialization failures
Network Indicators:
- Unusual WiFi interface creation/destruction patterns
SIEM Query:
source="kernel" AND ("cfg80211_dev_free" OR "wiphy_work_lock" OR "lockdep")🔗 References
- https://git.kernel.org/stable/c/2617f60c3613ef105b8db2d514d2cac2a1836f7d
- https://git.kernel.org/stable/c/60606efbf52582c0ab93e99789fddced6b47297a
- https://git.kernel.org/stable/c/7e6040853f5b5f067a18c52286e676bc298fe6a2
- https://git.kernel.org/stable/c/b679fe84cd5cc6f3481b7131fd28676191ad2615
- https://git.kernel.org/stable/c/eeacfbab984200dcdcd68fcf4c6e91e2c6b38792
- https://git.kernel.org/stable/c/fc88dee89d7b63eeb17699393eb659aadf9d9b7c
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
