VYPR
Medium severity5.5NVD Advisory· Published Jul 25, 2025· Updated Jun 17, 2026

CVE-2025-38420

CVE-2025-38420

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: carl9170: do not ping device which has failed to load firmware

Syzkaller reports [1, 2] crashes caused by an attempts to ping the device which has failed to load firmware. Since such a device doesn't pass 'ieee80211_register_hw()', an internal workqueue managed by 'ieee80211_queue_work()' is not yet created and an attempt to queue work on it causes null-ptr-deref.

[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff [2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

124

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.