{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21979","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.798Z","datePublished":"2025-04-01T15:47:08.699Z","dateUpdated":"2026-05-11T21:10:17.494Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:10:17.494Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: cancel wiphy_work before freeing wiphy\n\nA wiphy_work can be queued from the moment the wiphy is allocated and\ninitialized (i.e. wiphy_new_nm). When a wiphy_work is queued, the\nrdev::wiphy_work is getting queued.\n\nIf wiphy_free is called before the rdev::wiphy_work had a chance to run,\nthe wiphy memory will be freed, and then when it eventally gets to run\nit'll use invalid memory.\n\nFix this by canceling the work before freeing the wiphy."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/wireless/core.c"],"versions":[{"version":"ddb1bfbf4ab5c753954d0cd728253b642934a9f2","lessThan":"8930a3e1568cf534f86c8ed2def817c6d0528fc1","status":"affected","versionType":"git"},{"version":"3fcc6d7d5f40dad56dee7bde787b7e23edd4b93c","lessThan":"0272d4af7f92997541d8bbf4c51918b93ded6ee2","status":"affected","versionType":"git"},{"version":"a3ee4dc84c4e9d14cb34dad095fd678127aca5b6","lessThan":"75d262ad3c36d52852d764588fcd887f0fcd9138","status":"affected","versionType":"git"},{"version":"a3ee4dc84c4e9d14cb34dad095fd678127aca5b6","lessThan":"a5158d67bff06cb6fea31be39aeb319fd908ed8e","status":"affected","versionType":"git"},{"version":"a3ee4dc84c4e9d14cb34dad095fd678127aca5b6","lessThan":"dea22de162058216a90f2706f0d0b36f0ff309fd","status":"affected","versionType":"git"},{"version":"a3ee4dc84c4e9d14cb34dad095fd678127aca5b6","lessThan":"72d520476a2fab6f3489e8388ab524985d6c4b90","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/wireless/core.c"],"versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","status":"unaffected","versionType":"semver"},{"version":"6.1.132","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.84","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.20","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.8","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.57","versionEndExcluding":"6.1.132"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.84"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.12.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.13.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/8930a3e1568cf534f86c8ed2def817c6d0528fc1"},{"url":"https://git.kernel.org/stable/c/0272d4af7f92997541d8bbf4c51918b93ded6ee2"},{"url":"https://git.kernel.org/stable/c/75d262ad3c36d52852d764588fcd887f0fcd9138"},{"url":"https://git.kernel.org/stable/c/a5158d67bff06cb6fea31be39aeb319fd908ed8e"},{"url":"https://git.kernel.org/stable/c/dea22de162058216a90f2706f0d0b36f0ff309fd"},{"url":"https://git.kernel.org/stable/c/72d520476a2fab6f3489e8388ab524985d6c4b90"}],"title":"wifi: cfg80211: cancel wiphy_work before freeing wiphy","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-416","lang":"en","description":"CWE-416 Use After Free"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.8,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","integrityImpact":"HIGH","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-10-01T17:15:17.684537Z","id":"CVE-2025-21979","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-01T17:15:20.536Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:40:19.723Z"}}]}}