CVE-2025-22119 — Use of Uninitialized Resource in Linux
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 73.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 16
Latest updateJul 8
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: init wiphy_work before allocating rfkill fails
syzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1]
After rfkill allocation fails, the wiphy release process will be performed,
which will cause cfg80211_dev_free to access the uninitialized wiphy_work
related data.
Move the initialization of wiphy_work to before rfkill initialization to
avoid this issue.
[1]
INFO: trying to register non-st…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages6 packages
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
5OSV▶
CVE-2025-22119: In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbort reported a↗2025-04-16
GHSA▶
GHSA-f42j-5x72-52wf: In the Linux kernel, the following vulnerability has been resolved:
wifi: cfg80211: init wiphy_work before allocating rfkill fails
syzbort reported↗2025-04-16
📋Vendor Advisories
5Debian▶
CVE-2025-22119: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80...↗2025