CVE-2025-21930

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-21930
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-21930.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-21930
Downstream
Related
Published
2025-04-01T16:15:23Z
Modified
2025-04-10T18:07:05Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: don't try to talk to a dead firmware

This fixes:

bad state = 0 WARNING: CPU: 10 PID: 702 at drivers/net/wireless/inel/iwlwifi/iwl-trans.c:178 iwltranssendcmd+0xba/0xe0 [iwlwifi] Call Trace: <TASK> ? _warn+0xca/0x1c0 ? iwltranssendcmd+0xba/0xe0 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4] iwlfwdbgclearmonitorbuf+0xd7/0x110 [iwlwifi 64fa9ad799a0e0d2ba53d4af93a53ad9a531f8d4] iwldbgfsfwdbgclearwrite+0xe2/0x120 [iwlmvm 0e8adb18cea92d2c341766bcc10b18699290068a]

Ask whether the firmware is alive before sending a command.

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.19-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}