CVE-2025-38643
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock. Which triggers the warning below with the mesh_peer_connected_dfs test from hostapd and not (yet) released mac80211 code changes: WARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdev_chandef+0x60/0x165 Modules linked in: CPU: 0 UID: 0 PID: 495 Comm: kworker/u4:2 Not tainted 6.14.0-rc5-wt-g03960e6f9d47 #33 13c287eeabfe1efea01c0bcc863723ab082e17cf Workqueue: cfg80211 cfg80211_propagate_cac_done_wk Stack: 00000000 00000001 ffffff00 6093267c 00000000 6002ec30 6d577c50 60037608 00000000 67e8d108 6063717b 00000000 Call Trace: [<6002ec30>] ? _printk+0x0/0x98 [<6003c2b3>] show_stack+0x10e/0x11a [<6002ec30>] ? _printk+0x0/0x98 [<60037608>] dump_stack_lvl+0x71/0xb8 [<6063717b>] ? wdev_chandef+0x60/0x165 [<6003766d>] dump_stack+0x1e/0x20 [<6005d1b7>] __warn+0x101/0x20f [<6005d3a8>] warn_slowpath_fmt+0xe3/0x15d [<600b0c5c>] ? mark_lock.part.0+0x0/0x4ec [<60751191>] ? __this_cpu_preempt_check+0x0/0x16 [<600b11a2>] ? mark_held_locks+0x5a/0x6e [<6005d2c5>] ? warn_slowpath_fmt+0x0/0x15d [<60052e53>] ? unblock_signals+0x3a/0xe7 [<60052f2d>] ? um_set_signals+0x2d/0x43 [<60751191>] ? __this_cpu_preempt_check+0x0/0x16 [<607508b2>] ? lock_is_held_type+0x207/0x21f [<6063717b>] wdev_chandef+0x60/0x165 [<605f89b4>] regulatory_propagate_dfs_state+0x247/0x43f [<60052f00>] ? um_set_signals+0x0/0x43 [<605e6bfd>] cfg80211_propagate_cac_done_wk+0x3a/0x4a [<6007e460>] process_scheduled_works+0x3bc/0x60e [<6007d0ec>] ? move_linked_works+0x4d/0x81 [<6007d120>] ? assign_work+0x0/0xaa [<6007f81f>] worker_thread+0x220/0x2dc [<600786ef>] ? set_pf_worker+0x0/0x57 [<60087c96>] ? to_kthread+0x0/0x43 [<6008ab3c>] kthread+0x2d3/0x2e2 [<6007f5ff>] ? worker_thread+0x0/0x2dc [<6006c05b>] ? calculate_sigpending+0x0/0x56 [<6003b37d>] new_thread_handler+0x4a/0x64 irq event stamp: 614611 hardirqs last enabled at (614621): [<00000000600bc96b>] __up_console_sem+0x82/0xaf hardirqs last disabled at (614630): [<00000000600bc92c>] __up_console_sem+0x43/0xaf softirqs last enabled at (614268): [<00000000606c55c6>] __ieee80211_wake_queue+0x933/0x985 softirqs last disabled at (614266): [<00000000606c52d6>] __ieee80211_wake_queue+0x643/0x985
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2026-03-17
Generated
2026-05-07
AI Q&A
2025-08-22
EPSS Evaluated
2026-05-05
NVD
CVE-2025-38643
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 4.14.170 (inc) to 4.15 (exc)
linux linux_kernel From 4.19.102 (inc) to 4.20 (exc)
linux linux_kernel From 5.4.18 (inc) to 5.5 (exc)
linux linux_kernel From 5.5.1 (inc) to 6.6.118 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.57 (exc)
linux linux_kernel From 6.13 (inc) to 6.15.10 (exc)
linux linux_kernel From 6.16 (inc) to 6.16.1 (exc)
linux linux_kernel 5.5
linux linux_kernel 5.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel involves a missing lock in the wifi cfg80211 component, specifically in the function cfg80211_check_and_end_cac(). Callers of the function wdev_chandef() are required to hold the wiphy mutex lock, but the worker function cfg80211_propagate_cac_done_wk() does not take this lock. This leads to a warning and potential issues related to concurrency and synchronization in wireless device channel definition handling.


How can this vulnerability impact me? :

The impact of this vulnerability could include instability or unexpected behavior in the wireless networking stack of the Linux kernel due to improper locking. This might cause warnings, potential race conditions, or crashes related to wireless device channel management, especially when using features involving DFS (Dynamic Frequency Selection) and mesh networking.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for the specific warning message triggered by the issue. Look for the warning: "WARNING: CPU: ... wdev_chandef+0x60/0x165" related to cfg80211 and cfg80211_propagate_cac_done_wk workqueue. You can use commands like `dmesg | grep wdev_chandef` or `journalctl -k | grep wdev_chandef` to find these warnings in kernel logs.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where this issue is fixed, as the vulnerability is due to a missing lock in the kernel code. Until an update is applied, monitoring logs for the warning and avoiding triggering the mesh_peer_connected_dfs test or related functionality may reduce exposure.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart