DEBIAN-CVE-2025-38643
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-38643
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-38643.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-38643
- Upstream
- Published
- 2025-08-22T16:15:38Z
- Modified
- 2025-09-30T05:20:43.826023Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211checkandendcac() Callers of wdevchandef() must hold the wiphy mutex. But the worker cfg80211propagatecacdonewk() never takes the lock. Which triggers the warning below with the meshpeerconnecteddfs test from hostapd and not (yet) released mac80211 code changes: WARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdevchandef+0x60/0x165 Modules linked in: CPU: 0 UID: 0 PID: 495 Comm: kworker/u4:2 Not tainted 6.14.0-rc5-wt-g03960e6f9d47 #33 13c287eeabfe1efea01c0bcc863723ab082e17cf Workqueue: cfg80211 cfg80211propagatecacdonewk Stack: 00000000 00000001 ffffff00 6093267c 00000000 6002ec30 6d577c50 60037608 00000000 67e8d108 6063717b 00000000 Call Trace: [<6002ec30>] ? _printk+0x0/0x98 [<6003c2b3>] showstack+0x10e/0x11a [<6002ec30>] ? printk+0x0/0x98 [<60037608>] dumpstacklvl+0x71/0xb8 [<6063717b>] ? wdevchandef+0x60/0x165 [<6003766d>] dumpstack+0x1e/0x20 [<6005d1b7>] _warn+0x101/0x20f [<6005d3a8>] warnslowpathfmt+0xe3/0x15d [<600b0c5c>] ? marklock.part.0+0x0/0x4ec [<60751191>] ? _thiscpupreemptcheck+0x0/0x16 [<600b11a2>] ? markheldlocks+0x5a/0x6e [<6005d2c5>] ? warnslowpathfmt+0x0/0x15d [<60052e53>] ? unblocksignals+0x3a/0xe7 [<60052f2d>] ? umsetsignals+0x2d/0x43 [<60751191>] ? _thiscpupreemptcheck+0x0/0x16 [<607508b2>] ? lockisheldtype+0x207/0x21f [<6063717b>] wdevchandef+0x60/0x165 [<605f89b4>] regulatorypropagatedfsstate+0x247/0x43f [<60052f00>] ? umsetsignals+0x0/0x43 [<605e6bfd>] cfg80211propagatecacdonewk+0x3a/0x4a [<6007e460>] processscheduledworks+0x3bc/0x60e [<6007d0ec>] ? movelinkedworks+0x4d/0x81 [<6007d120>] ? assignwork+0x0/0xaa [<6007f81f>] workerthread+0x220/0x2dc [<600786ef>] ? setpfworker+0x0/0x57 [<60087c96>] ? tokthread+0x0/0x43 [<6008ab3c>] kthread+0x2d3/0x2e2 [<6007f5ff>] ? workerthread+0x0/0x2dc [<6006c05b>] ? calculatesigpending+0x0/0x56 [<6003b37d>] newthreadhandler+0x4a/0x64 irq event stamp: 614611 hardirqs last enabled at (614621): [<00000000600bc96b>] _upconsolesem+0x82/0xaf hardirqs last disabled at (614630): [<00000000600bc92c>] _upconsolesem+0x43/0xaf softirqs last enabled at (614268): [<00000000606c55c6>] _ieee80211wakequeue+0x933/0x985 softirqs last disabled at (614266): [<00000000606c52d6>] _ieee80211wakequeue+0x643/0x985
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
6.*
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.16.3-1