CVE-2025-21730: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed

If WoWLAN failed in resume flow, the rtw89_ops_add_interface() triggered without removing the interface first. Then the mgnt_entry list init again, causing the list_empty() check in rtw89_chanctx_ops_assign_vif() useless, and list_add_tail() again. Therefore, we have added a check to prevent double adding of the list.

rtw89_8852ce 0000:01:00.0: failed to check wow status disabled
rtw89_8852ce 0000:01:00.0: wow: failed to check disable fw ready
rtw89_8852ce 0000:01:00.0: wow: failed to swap to normal fw
rtw89_8852ce 0000:01:00.0: failed to disable wow
rtw89_8852ce 0000:01:00.0: failed to resume for wow -110
rtw89_8852ce 0000:01:00.0: MAC has already powered on
i2c_hid_acpi i2c-ILTK0001:00: PM: acpi_subsys_resume+0x0/0x60 returned 0 after 284705 usecs
list_add corruption. prev->next should be next (ffff9d9719d82228), but was ffff9d9719f96030. (prev=ffff9d9719f96030).
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:34!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 2 PID: 6918 Comm: kworker/u8:19 Tainted: G U O
Hardware name: Google Anraggar/Anraggar, BIOS Google_Anraggar.15217.514.0 03/25/2024
Workqueue: events_unbound async_run_entry_fn
RIP: 0010:__list_add_valid_or_report+0x9f/0xb0
Code: e8 56 89 ff ff 0f 0b 48 c7 c7 3e fc e0 96 48 89 c6 e8 45 89 ff ...
RSP: 0018:ffffa51b42bbbaf0 EFLAGS: 00010246
RAX: 0000000000000075 RBX: ffff9d9719d82ab0 RCX: 13acb86e047a4400
RDX: 3fffffffffffffff RSI: 0000000000000000 RDI: 00000000ffffdfff
RBP: ffffa51b42bbbb28 R08: ffffffff9768e250 R09: 0000000000001fff
R10: ffffffff9765e250 R11: 0000000000005ffd R12: ffff9d9719f95c40
R13: ffff9d9719f95be8 R14: ffff9d97081bfd78 R15: ffff9d9719d82060
FS: 0000000000000000(0000) GS:ffff9d9a6fb00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007e7d029a4060 CR3: 0000000345e38000 CR4: 0000000000750ee0
PKRU: 55555554
Call Trace:
 <TASK>
 ? __die_body+0x68/0xb0
 ? die+0xaa/0xd0
 ? do_trap+0x9f/0x170
 ? __list_add_valid_or_report+0x9f/0xb0
 ? __list_add_valid_or_report+0x9f/0xb0
 ? handle_invalid_op+0x69/0x90
 ? __list_add_valid_or_report+0x9f/0xb0
 ? exc_invalid_op+0x3c/0x50
 ? asm_exc_invalid_op+0x16/0x20
 ? __list_add_valid_or_report+0x9f/0xb0
 rtw89_chanctx_ops_assign_vif+0x1f9/0x210 [rtw89_core cbb375c44bf28564ce479002bff66617a25d9ac1]
 ? __mutex_unlock_slowpath+0xa0/0xf0
 rtw89_ops_assign_vif_chanctx+0x4b/0x90 [rtw89_core cbb375c44bf28564ce479002bff66617a25d9ac1]
 drv_assign_vif_chanctx+0xa7/0x1f0 [mac80211 6efaad16237edaaea0868b132d4f93ecf918a8b6]
 ieee80211_reconfig+0x9cb/0x17b0 [mac80211 6efaad16237edaaea0868b132d4f93ecf918a8b6]
 ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 572d03acaaa933fe38251be7fce3b3675284b8ed]
 ? dev_printk_emit+0x51/0x70
 ? _dev_info+0x6e/0x90
 wiphy_resume+0x89/0x180 [cfg80211 572d03acaaa933fe38251be7fce3b3675284b8ed]
 ? __pfx_wiphy_resume+0x10/0x10 [cfg80211 572d03acaaa933fe38251be7fce3b3675284b8ed]
 dpm_run_callback+0x37/0x1e0
 device_resume+0x26d/0x4b0
 ? __pfx_dpm_watchdog_handler+0x10/0x10
 async_resume+0x1d/0x30
 async_run_entry_fn+0x29/0xd0
 worker_thread+0x397/0x970
 kthread+0xed/0x110
 ? __pfx_worker_thread+0x10/0x10
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x38/0x50
 ? __pfx_kthread+0x10/0x10
 ret_from_fork_asm+0x1b/0x30
 </TASK>
AI Analysis
Technical Summary
CVE-2025-21730 is a vulnerability in the Linux kernel specifically related to the rtw89 wireless driver, which supports certain Realtek Wi-Fi chipsets. The flaw arises during the handling of Wake on Wireless LAN (WoWLAN) functionality in the resume flow of the device. When WoWLAN fails, the function rtw89_ops_add_interface() is triggered without first removing the existing interface, causing the mgnt_entry list to be initialized twice. This double initialization bypasses the list_empty() check in rtw89_chanctx_ops_assign_vif(), leading to a second addition of the same list entry via list_add_tail(). This results in list corruption, which triggers a kernel BUG and an invalid opcode exception, causing a kernel panic or system crash. The detailed kernel logs show the failure to disable WoWLAN properly and the subsequent list corruption, culminating in a kernel panic at lib/list_debug.c. The root cause is a missing check to prevent double adding of list entries, which has been addressed in the patch. The vulnerability affects Linux kernel versions containing the rtw89 driver with the affected commit hashes listed. The issue is a memory/list corruption bug triggered by improper handling of WoWLAN failure states, leading to system instability and denial of service. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
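The double-add sequence described above, modelled in userland C as an added example (this is not the rtw89 driver's code or the upstream patch). The names add_interface(), assign_vif() and entry_on_list() are hypothetical stand-ins, and the guard shown is one way to express the check, assumed for illustration. In the unguarded replay the add is rejected because prev->next points back at prev, the same state the "list_add corruption" line in the kernel log reports.

```c
#include <stdbool.h>
/* Userland model of the kernel's circular list_head (constructed, not driver code). */
struct list_head { struct list_head *next, *prev; };

static void init_list_head(struct list_head *h) { h->next = h; h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }

/* Models the list-debug sanity test: returns false where the kernel would BUG(). */
static bool list_add_tail_checked(struct list_head *node, struct list_head *head) {
    struct list_head *prev = head->prev;
    if (prev->next != head || node == prev || node == head)
        return false;
    node->next = head; node->prev = prev; prev->next = node; head->prev = node;
    return true;
}

/* Walks the manager list to see whether the entry is still linked on it. */
static bool entry_on_list(const struct list_head *e, const struct list_head *head) {
    for (const struct list_head *p = head->next; p != head; p = p->next)
        if (p == e) return true;
    return false;
}

/* Hypothetical stand-in for the add-interface step; 'guarded' enables the check. */
static void add_interface(struct list_head *mgnt, struct list_head *entry, bool guarded) {
    if (guarded && entry_on_list(entry, mgnt))
        return;                 /* still linked: keep its pointers intact */
    init_list_head(entry);      /* unguarded: a linked entry now looks empty */
}

/* Hypothetical stand-in for the assign-vif step with its list_empty() check. */
static bool assign_vif(struct list_head *mgnt, struct list_head *entry) {
    return !list_empty(entry) || list_add_tail_checked(entry, mgnt);
}

/* add -> assign, then the failed-resume path: add again without removal -> assign. */
static bool resume_after_failed_wowlan(bool guarded) {
    struct list_head mgnt, entry;
    init_list_head(&mgnt);
    add_interface(&mgnt, &entry, guarded);
    if (!assign_vif(&mgnt, &entry)) return false;
    add_interface(&mgnt, &entry, guarded);  /* interface was never removed */
    return assign_vif(&mgnt, &entry);
}

/* Exit status 0: the unguarded replay corrupts the list, the guarded one does not. */
int main(void) {
    return (!resume_after_failed_wowlan(false) && resume_after_failed_wowlan(true)) ? 0 : 1;
}
```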
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with the vulnerable rtw89 wireless driver, commonly found in devices using Realtek 8852CE Wi-Fi chipsets. The impact is mainly denial of service due to kernel panics triggered by WoWLAN failure during device resume, which can cause system crashes and potential downtime. This can affect servers, workstations, or embedded devices relying on these wireless components. Critical infrastructure or enterprises using Linux-based systems with these Wi-Fi chipsets could face operational disruptions. While the vulnerability does not directly allow remote code execution or privilege escalation, the resulting kernel panic can be exploited for targeted denial of service attacks, especially in environments where WoWLAN is enabled or devices frequently enter suspend/resume cycles. The lack of known exploits reduces immediate risk, but the vulnerability’s presence in widely used Linux kernels means it could be leveraged in the future. European organizations with a high dependency on Linux wireless networking, such as telecommunications, cloud providers, or enterprises with remote workforces, may experience service interruptions or degraded network availability.
Mitigation Recommendations
To mitigate this vulnerability, organizations should:
1) Apply the official Linux kernel patches that add the double-initialization check to the rtw89 driver as soon as they become available from trusted Linux distributors or kernel maintainers.
2) Temporarily disable WoWLAN functionality on affected devices if patching is not immediately possible, to prevent triggering the vulnerable code path during resume.
3) Monitor kernel logs for signs of WoWLAN failure or list corruption errors to detect potential exploitation attempts or system instability.
4) Audit and inventory Linux systems to identify those running affected kernel versions with the rtw89 driver and Realtek 8852CE chipsets.
5) For critical systems, consider isolating or limiting network access to reduce exposure to potential denial of service attacks exploiting this flaw.
6) Engage with hardware vendors for firmware updates or driver replacements that may further harden WoWLAN handling.
7) Implement robust system monitoring and automated reboot mechanisms to recover quickly from kernel panics caused by this issue.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-29T08:45:45.755Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9832c4522896dcbe8604
Added to database: 5/21/2025, 9:09:06 AM
Last enriched: 6/30/2025, 8:39:31 AM
Last updated: 8/18/2025, 11:27:59 PM