{
  "threat_severity" : "Moderate",
  "public_date" : "2025-04-16T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: wifi: cfg80211: init wiphy_work before allocating rfkill fails",
    "id" : "2360205",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2360205"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-908",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: cfg80211: init wiphy_work before allocating rfkill fails\nsyzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1]\nAfter rfkill allocation fails, the wiphy release process will be performed,\nwhich will cause cfg80211_dev_free to access the uninitialized wiphy_work\nrelated data.\nMove the initialization of wiphy_work to before rfkill initialization to\navoid this issue.\n[1]\nINFO: trying to register non-static key.\nThe code is fine but needs lockdep annotation, or maybe\nyou didn't initialize this object before use?\nturning off the locking correctness validator.\nCPU: 0 UID: 0 PID: 5935 Comm: syz-executor550 Not tainted 6.14.0-rc6-syzkaller-00103-g4003c9e78778 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nassign_lock_key kernel/locking/lockdep.c:983 [inline]\nregister_lock_class+0xc39/0x1240 kernel/locking/lockdep.c:1297\n__lock_acquire+0x135/0x3c40 kernel/locking/lockdep.c:5103\nlock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5851\n__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n_raw_spin_lock_irqsave+0x3a/0x60 kernel/locking/spinlock.c:162\ncfg80211_dev_free+0x30/0x3d0 net/wireless/core.c:1196\ndevice_release+0xa1/0x240 drivers/base/core.c:2568\nkobject_cleanup lib/kobject.c:689 [inline]\nkobject_release lib/kobject.c:720 [inline]\nkref_put include/linux/kref.h:65 [inline]\nkobject_put+0x1e4/0x5a0 lib/kobject.c:737\nput_device+0x1f/0x30 drivers/base/core.c:3774\nwiphy_free net/wireless/core.c:1224 [inline]\nwiphy_new_nm+0x1c1f/0x2160 net/wireless/core.c:562\nieee80211_alloc_hw_nm+0x1b7a/0x2260 net/mac80211/main.c:835\nmac80211_hwsim_new_radio+0x1d6/0x54e0 drivers/net/wireless/virtual/mac80211_hwsim.c:5185\nhwsim_new_radio_nl+0xb42/0x12b0 drivers/net/wireless/virtual/mac80211_hwsim.c:6242\ngenl_family_rcv_msg_doit+0x202/0x2f0 net/netlink/genetlink.c:1115\ngenl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\ngenl_rcv_msg+0x565/0x800 net/netlink/genetlink.c:1210\nnetlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2533\ngenl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\nnetlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]\nnetlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1338\nnetlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1882\nsock_sendmsg_nosec net/socket.c:718 [inline]\n__sock_sendmsg net/socket.c:733 [inline]\n____sys_sendmsg+0xaaf/0xc90 net/socket.c:2573\n___sys_sendmsg+0x135/0x1e0 net/socket.c:2627\n__sys_sendmsg+0x16e/0x220 net/socket.c:2659\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\nClose: https://syzkaller.appspot.com/bug?extid=aaf0488c83d1d5f4f029" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20095",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.8.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-22119\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-22119\nhttps://lore.kernel.org/linux-cve-announce/2025041627-CVE-2025-22119-07ea@gregkh/T" ],
  "name" : "CVE-2025-22119",
  "csaw" : false
}