CVE-2025-38602

Опубликовано: 19 авг. 2025

Источник: redhat

CVSS3: 4.4

EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer.

Отчет

In iwlwifi (DVM), the return value of alloc_ordered_workqueue() wasn’t checked; under memory pressure it can return NULL, and subsequent use causes a kernel NULL dereference during driver init. Exploitation requires the driver to be loaded (typically root/boot-time), so this is a local DoS.

Меры по смягчению последствий

To mitigate this issue, prevent modules iwlcore, iwlwifi from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	kernel	Fix deferred
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Fix deferred
Red Hat Enterprise Linux 7	kernel-rt	Fix deferred
Red Hat Enterprise Linux 8	kernel	Fix deferred
Red Hat Enterprise Linux 8	kernel-rt	Fix deferred
Red Hat Enterprise Linux 9	kernel	Fix deferred
Red Hat Enterprise Linux 9	kernel-rt	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-252

https://bugzilla.redhat.com/show_bug.cgi?id=2389474kernel: iwlwifi: Add missing check for alloc_ordered_workqueue

EPSS

Процентиль: 15%

0.00049

Низкий

4.4 Medium

CVSS3

Связанные уязвимости

CVE-2025-38602

ubuntu

3 месяца назад

CVE-2025-38602

nvd

3 месяца назад

CVE-2025-38602

CVSS3: 5.1

msrc

2 месяца назад

iwlwifi: Add missing check for alloc_ordered_workqueue

CVE-2025-38602

debian

3 месяца назад

In the Linux kernel, the following vulnerability has been resolved: i ...

GHSA-5559-mwx3-3r74

github

3 месяца назад

EPSS

Процентиль: 15%

0.00049

Низкий

4.4 Medium

CVSS3