Linux Kernel rtw89 Wi-Fi Driver Null Pointer Dereference and Use-After-Free Vulnerability

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's rtw89 Wi-Fi driver. The issue arises when the 'scanning' flag is not properly protected by a mutex, allowing the 'cancel_hw_scan' function to interfere with the 'hw_scan' completion process. This interference can lead to a null pointer dereference and a use-after-free condition, as the 'hw_scan' completion unsets the flag and frees the scan request, while 'cancel_hw_scan' may still be attempting to access it.

Impact

Exploitation of this vulnerability causes a null pointer dereference and a use-after-free condition, which can lead to memory corruption and potentially allow for arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel rtw89 Wi-Fi Driver Null Pointer Dereference and Use-After-Free Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating