CVE-2023-54025
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled
In case WoWlan was never configured during the operation of the system, the hw->wiphy->wowlan_config will be NULL. rsi_config_wowlan() checks whether wowlan_config is non-NULL and if it is not, then WARNs about it. The warning is valid, as during normal operation the rsi_config_wowlan() should only ever be called with non-NULL wowlan_config. In shutdown this rsi_config_wowlan() should only ever be called if WoWlan was configured before by the user.
Add checks for non-NULL wowlan_config into the shutdown hook. While at it, check whether the wiphy is also non-NULL before accessing wowlan_config . Drop the single-use wowlan_config variable, just inline it into function call.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A null-pointer dereference in the Linux kernel's rsi WiFi driver can trigger a warning during shutdown if WoWlan was never configured.
Vulnerability
In the Linux kernel's rsi WiFi driver, the shutdown hook unconditionally calls rsi_config_wowlan() without first verifying that WoWlan (Wake-on-WLAN) was ever configured during the device's operation. The function rsi_config_wowlan() expects a non-NULL wowlan_config pointer and issues a kernel warning if it is NULL is passed. This leads to a spurious warning and potential system instability during shutdown when WoWlan has not been enabled by the user [1].
Exploitation
An attacker does not need to trigger this vulnerability remotely; it is a local denial-of-service condition that can be provoked by simply shutting down a system running the affected kernel with the rsi driver loaded. No special privileges are required beyond the ability to initiate a system shutdown. The attack surface is limited to systems that use the rsi WiFi driver and have not configured WoWlan [2].
Impact
If the system is shut down without WoWlan having been configured, the kernel will emit a WARN() message and may panic or hang depending on the kernel configuration. This can lead to a denial of service, preventing a clean shutdown and potentially causing data loss or requiring a hard reset [3].".
Mitigation
The fix adds a check for CVE-2023-54025 adds a check for non-NULL wowlan_config before calling rsi_config_wowlan() in the shutdown hook, and also verifies that wiphy is non-NULL before accessing wowlan_config. The patch has been applied to the stable kernel tree [3]. Users should update to a kernel version containing this commit to avoid the issue.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
6b2aeb97fd4704391fa180856eb205a0690811b51236aa49ab601468539c1b241e260820bVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- git.kernel.org/stable/c/1b51236aa49a0564280bd45c94118cab6d9b0fbdnvd
- git.kernel.org/stable/c/4391fa180856ff84a2cef4a92694a689eebb855envd
- git.kernel.org/stable/c/b241e260820b68c09586e8a0ae0fc23c0e3215bdnvd
- git.kernel.org/stable/c/b2aeb97fd470206e67f7b3b4a3e68212a13f747bnvd
- git.kernel.org/stable/c/b601468539c1d97539097bfc87ad11f1704b7eb7nvd
- git.kernel.org/stable/c/eb205a06908122f50b1dd1baa43f7c8036bfc7dcnvd
News mentions
0No linked articles in our index yet.