Fixed
Created: Jul 28, 2025
Updated: Aug 28, 2025
Resolved Date: Aug 28, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]wifi: carl9170: do not ping device which has failed to load firmware[EOL][EOL]Syzkaller reports [1, 2] crashes caused by an attempts to ping[EOL]the device which has failed to load firmware. Since such a device[EOL]doesn't pass 'ieee80211_register_hw()', an internal workqueue[EOL]managed by 'ieee80211_queue_work()' is not yet created and an[EOL]attempt to queue work on it causes null-ptr-deref.[EOL][EOL][1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff[EOL][2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217
CREATE(Triage):(User=admin) [CVE-2025-38420 (https://nvd.nist.gov/vuln/detail/CVE-2025-38420)
