
CVE-2025-22119: Vulnerability in Linux Linux

High
Published: Wed Apr 16 2025 (04/16/2025, 14:13:04 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: init wiphy_work before allocating rfkill fails

syzbot reported an uninitialized wiphy_work_lock in cfg80211_dev_free. [1]

After rfkill allocation fails, the wiphy release process will be performed, which will cause cfg80211_dev_free to access the uninitialized wiphy_work related data. Move the initialization of wiphy_work to before rfkill initialization to avoid this issue.

[1]
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
CPU: 0 UID: 0 PID: 5935 Comm: syz-executor550 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120
 assign_lock_key kernel/locking/lockdep.c:983 [inline]
 register_lock_class+0xc39/0x1240 kernel/locking/lockdep.c:1297
 __lock_acquire+0x135/0x3c40 kernel/locking/lockdep.c:5103
 lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851
 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]
 _raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162
 cfg80211_dev_free+0x30/0x3d0 net/wireless/core.c:1196
 device_release+0xa1/0x240 drivers/base/core.c:2568
 kobject_cleanup lib/kobject.c:689 [inline]
 kobject_release lib/kobject.c:720 [inline]
 kref_put include/linux/kref.h:65 [inline]
 kobject_put+0x1e4/0x5a0 lib/kobject.c:737
 put_device+0x1f/0x30 drivers/base/core.c:3774
 wiphy_free net/wireless/core.c:1224 [inline]
 wiphy_new_nm+0x1c1f/0x2160 net/wireless/core.c:562
 ieee80211_alloc_hw_nm+0x1b7a/0x2260 net/mac80211/main.c:835
 mac80211_hwsim_new_radio+0x1d6/0x54e0 drivers/net/wireless/virtual/mac80211_hwsim.c:5185
 hwsim_new_radio_nl+0xb42/0x12b0 drivers/net/wireless/virtual/mac80211_hwsim.c:6242
 genl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115
 genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]
 genl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210
 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2533
 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1882
 sock_sendmsg_nosec net/socket.c:718 [inline]
 __sock_sendmsg net/socket.c:733 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2573
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2627
 __sys_sendmsg+0x16e/0x220 net/socket.c:2659
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83

Closes: https://syzkaller.appspot.com/bug?extid=aaf0488c83d1d5f4f029

AI-Powered Analysis

Last updated: 07/03/2025, 21:28:39 UTC

Technical Analysis

CVE-2025-22119 is a vulnerability identified in the Linux kernel's wireless subsystem, specifically within the cfg80211 component responsible for wireless device configuration. The issue arises from the initialization order of the wiphy_work structure relative to rfkill allocation during wiphy creation. When rfkill allocation fails, the kernel proceeds to release the partially constructed wireless device, which calls cfg80211_dev_free. Because wiphy_work_lock has not yet been initialized at that point, this function accesses uninitialized data, leading to potential use-after-free or race conditions. The root cause is that wiphy_work is initialized after rfkill allocation, so on the rfkill failure path the release process reaches wiphy_work before it has been set up. The fix moves the initialization of wiphy_work ahead of rfkill initialization, ensuring that the release process never sees uninitialized data. The vulnerability was discovered and reported by syzbot, with kernel stack traces showing lockdep warnings about an unregistered (non-static) lock key, i.e. a lock used before initialization. This flaw could lead to kernel crashes or undefined behavior due to improper locking and memory access in the wireless subsystem. Although no known exploits are reported in the wild, the vulnerability affects multiple Linux kernel versions, including recent development releases, and impacts systems using wireless networking features. The vulnerability does not require user interaction but involves kernel-level operations, making exploitation more complex but potentially severe if triggered by crafted wireless device operations or malformed kernel requests.
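The ordering defect described above is easiest to see in a small user-space model. The following C program is an added example written for this page; it is not kernel code and not the patch itself. It stands in for the kernel structures with a hypothetical `struct wiphy` holding a lock whose "initialised" state is a magic value (modelling lockdep's registered lock class), a hypothetical `rfkill_alloc()` with fault injection so the failing path can be exercised deterministically, and a `dev_free()` that, like cfg80211_dev_free, takes the lock during teardown. `wiphy_new_before_fix()` reproduces the original ordering (rfkill allocated before the lock is initialised) and `wiphy_new_after_fix()` the corrected ordering; all names are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-space model of the init-order bug; not kernel code.
 * A lock counts as initialised once its magic value is set, which stands
 * in for lockdep knowing the lock's class. */
#define LOCK_MAGIC 0x4c4f434bu

struct work_lock {
    unsigned int magic;
};

struct rfkill {
    int placeholder;            /* hypothetical; contents irrelevant here */
};

struct wiphy {
    struct work_lock work_lock; /* models wiphy_work_lock */
    struct rfkill *rfkill;
};

static void lock_init(struct work_lock *l)
{
    l->magic = LOCK_MAGIC;
}

/* Returns 0 if the lock was initialised, -1 otherwise. The -1 case is the
 * condition lockdep reported as "trying to register non-static key". */
static int lock_acquire(struct work_lock *l)
{
    return l->magic == LOCK_MAGIC ? 0 : -1;
}

/* Hypothetical rfkill allocator with fault injection, so the failing
 * error path can be driven on demand. */
static struct rfkill *rfkill_alloc(bool inject_failure)
{
    if (inject_failure)
        return NULL;
    return calloc(1, sizeof(struct rfkill));
}

/* Models cfg80211_dev_free(): teardown takes wiphy_work_lock, so the lock
 * must already be valid on every path that can reach this function. */
static int dev_free(struct wiphy *w)
{
    int rc = lock_acquire(&w->work_lock);
    free(w->rfkill);
    free(w);
    return rc;
}

/* Before the fix: rfkill is allocated before wiphy_work is initialised,
 * so the rfkill failure path frees a device whose lock was never set up. */
static int wiphy_new_before_fix(bool inject_rfkill_failure)
{
    struct wiphy *w = calloc(1, sizeof(*w));   /* zeroed, like kzalloc() */
    if (!w)
        return -1;
    w->rfkill = rfkill_alloc(inject_rfkill_failure);
    if (!w->rfkill)
        return dev_free(w);        /* reaches the uninitialised lock */
    lock_init(&w->work_lock);      /* too late for the failure path above */
    return dev_free(w);
}

/* After the fix: everything the release path touches is initialised
 * before the first allocation that can fail. */
static int wiphy_new_after_fix(bool inject_rfkill_failure)
{
    struct wiphy *w = calloc(1, sizeof(*w));
    if (!w)
        return -1;
    lock_init(&w->work_lock);      /* moved ahead of rfkill allocation */
    w->rfkill = rfkill_alloc(inject_rfkill_failure);
    if (!w->rfkill)
        return dev_free(w);        /* lock is valid, teardown is safe */
    return dev_free(w);
}

int main(void)
{
    printf("before fix, rfkill alloc fails: %d\n", wiphy_new_before_fix(true));
    printf("after fix,  rfkill alloc fails: %d\n", wiphy_new_after_fix(true));
    printf("after fix,  rfkill alloc ok:    %d\n", wiphy_new_after_fix(false));
    return 0;
}
```

The general rule the fix applies, and the one worth checking in any review of an allocation routine: every field that the object's release function can touch must be initialised before the first call that can fail and divert control to that release function. Fault-injecting the failing allocation, as the example does, is the quickest way to confirm the error path is safe.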

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions with wireless networking enabled. Potential impacts include kernel crashes leading to denial of service, instability of wireless network interfaces, and possible escalation of privileges if an attacker can exploit the race condition or use-after-free to execute arbitrary code in kernel context. Critical infrastructure, telecommunications providers, and enterprises relying on Linux-based wireless access points or embedded devices could face service disruptions. Given the widespread use of Linux in servers, IoT devices, and network equipment across Europe, the vulnerability could affect a broad range of sectors including finance, healthcare, manufacturing, and public services. The lack of known exploits reduces immediate risk, but the complexity of the flaw and its kernel-level nature mean that sophisticated threat actors could develop exploits targeting wireless subsystems. This could lead to targeted attacks on wireless infrastructure or compromise of devices used in sensitive environments.

Mitigation Recommendations

European organizations should prioritize updating Linux kernels to versions where this vulnerability is patched, ensuring that the initialization order of wiphy_work and rfkill allocation is corrected. For systems where immediate patching is not feasible, disabling wireless networking or rfkill functionality temporarily can reduce exposure. Network administrators should monitor kernel logs for lockdep warnings or unusual wireless device errors that might indicate exploitation attempts. Employing kernel lockdown features and restricting access to kernel interfaces related to wireless device management can limit attack surface. Additionally, organizations should audit embedded Linux devices and IoT equipment for affected kernel versions and coordinate with vendors for firmware updates. Implementing strict network segmentation for wireless infrastructure and using intrusion detection systems capable of monitoring kernel-level anomalies can provide early warning of exploitation attempts. Finally, maintaining up-to-date backups and incident response plans will help mitigate impact if exploitation occurs.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-12-29T08:45:45.823Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdd425

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 7/3/2025, 9:28:39 PM

Last updated: 8/18/2025, 4:12:05 AM

Views: 17
