CVE-2025-38009
📋 TL;DR
This CVE describes a race condition in the Linux kernel's mt76 WiFi driver where NAPI (New API for network processing) isn't properly disabled during driver removal, causing a kernel warning. This affects systems using MediaTek mt76-based WiFi hardware (like mt7921e) when unloading the driver. The vulnerability doesn't allow remote code execution but can cause system instability.
💻 Affected Systems
- Linux kernel with mt76 WiFi drivers
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash when unloading the WiFi driver, potentially causing denial of service on affected systems.
Likely Case
Kernel warning messages in system logs during driver removal/module unloading, with possible minor system instability.
If Mitigated
No impact if the driver isn't being unloaded or if the patch is applied.
🎯 Exploit Status
This is a reliability issue rather than a security exploit. Requires local access and module unloading privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commit 2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8 or later
Vendor Advisory: https://git.kernel.org/stable/c/2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commit 2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8
2. Reboot system to load new kernel
3. Verify mt76 driver version matches patched kernel
🔧 Temporary Workarounds
Avoid driver unloading
linuxPrevent unloading of mt76 WiFi drivers to avoid triggering the race condition
echo 'install mt76 /bin/false' >> /etc/modprobe.d/disable-mt76.conf
echo 'blacklist mt76' >> /etc/modprobe.d/blacklist-mt76.conf
🧯 If You Can't Patch
- Avoid unloading mt76 WiFi drivers during maintenance operations
- Monitor system logs for WARNING messages related to __netif_napi_del_locked and investigate any occurrences
🔍 How to Verify
Check if Vulnerable:
Check if mt76 driver is loaded: lsmod | grep mt76. If loaded, check kernel version against affected range.Check Version:
uname -rVerify Fix Applied:
Check kernel version contains fix commit: uname -r and verify against patched kernel versions. Test unloading mt76 module (if safe to do so) and check dmesg for warnings.📡 Detection & Monitoring
Log Indicators:
- WARNING messages in dmesg or kernel logs containing '__netif_napi_del_locked'
- Kernel stack traces mentioning mt76_dma_cleanup during module removal
Network Indicators:
- None - this is a local kernel issue
SIEM Query:
source="kernel" AND "__netif_napi_del_locked" AND "mt76"🔗 References
- https://git.kernel.org/stable/c/2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8
- https://git.kernel.org/stable/c/5e700b06b970fc19e3a1ecb244e14785f3fbb8e3
- https://git.kernel.org/stable/c/78ab4be549533432d97ea8989d2f00b508fa68d8
- https://git.kernel.org/stable/c/b892e830d1ea8c5475254b98827771f7366f1039
- https://git.kernel.org/stable/c/ca5b213bf4b4224335a8131a26805d16503fca5f
- https://git.kernel.org/stable/c/e7bfbda5fddd27f3158e723d641c0fcdfb0552a7
- https://git.kernel.org/stable/c/ff0f820fa5b99035b3c654dd531226d8d83aec5f
- https://lists.debian.org/debian-lts-announce/2025/08/msg00010.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
