CVE-2025-38009

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38009
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38009.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-38009
Downstream
Related
Published
2025-06-18T10:15:32Z
Modified
2025-08-13T00:01:38Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: disable napi on driver removal

A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi before deleting it in mt76dmacleanup().

WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 netifnapidellocked+0xf0/0x100 CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy) Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024 RIP: 0010:netifnapidellocked+0xf0/0x100 Call Trace: <TASK> mt76dmacleanup+0x54/0x2f0 [mt76] mt7921pciremove+0xd5/0x190 [mt7921e] pcideviceremove+0x47/0xc0 devicereleasedriverinternal+0x19e/0x200 driverdetach+0x48/0x90 busremovedriver+0x6d/0xf0 pciunregisterdriver+0x2e/0xb0 _dosysdeletemodule.isra.0+0x197/0x2e0 dosyscall64+0x7b/0x160 entrySYSCALL64afterhwframe+0x76/0x7e

Tested with mt7921e but the same pattern can be actually applied to other mt76 drivers calling mt76dmacleanup() during removal. Tx napi is enabled in their *dmainit() functions and only toggled off and on again inside their suspend/resume/reset paths. So it should be okay to disable tx napi in such a generic way.

Found by Linux Verification Center (linuxtesting.org).

References

Affected packages