CVE - CVE-2025-38009

CVE-ID
CVE-2025-38009	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: disable napi on driver removal A warning on driver removal started occurring after commit 9dd05df8403b ("net: warn if NAPI instance wasn't shut down"). Disable tx napi before deleting it in mt76_dma_cleanup(). WARNING: CPU: 4 PID: 18828 at net/core/dev.c:7288 __netif_napi_del_locked+0xf0/0x100 CPU: 4 UID: 0 PID: 18828 Comm: modprobe Not tainted 6.15.0-rc4 #4 PREEMPT(lazy) Hardware name: ASUS System Product Name/PRIME X670E-PRO WIFI, BIOS 3035 09/05/2024 RIP: 0010:__netif_napi_del_locked+0xf0/0x100 Call Trace: <TASK> mt76_dma_cleanup+0x54/0x2f0 [mt76] mt7921_pci_remove+0xd5/0x190 [mt7921e] pci_device_remove+0x47/0xc0 device_release_driver_internal+0x19e/0x200 driver_detach+0x48/0x90 bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x2e/0xb0 __do_sys_delete_module.isra.0+0x197/0x2e0 do_syscall_64+0x7b/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e Tested with mt7921e but the same pattern can be actually applied to other mt76 drivers calling mt76_dma_cleanup() during removal. Tx napi is enabled in their *_dma_init() functions and only toggled off and on again inside their suspend/resume/reset paths. So it should be okay to disable tx napi in such a generic way. Found by Linux Verification Center (linuxtesting.org).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8 URL:https://git.kernel.org/stable/c/2b81e76db3667d1f7f2ad44e9835cdaf8dea95a8 MISC:https://git.kernel.org/stable/c/5e700b06b970fc19e3a1ecb244e14785f3fbb8e3 URL:https://git.kernel.org/stable/c/5e700b06b970fc19e3a1ecb244e14785f3fbb8e3 MISC:https://git.kernel.org/stable/c/78ab4be549533432d97ea8989d2f00b508fa68d8 URL:https://git.kernel.org/stable/c/78ab4be549533432d97ea8989d2f00b508fa68d8 MISC:https://git.kernel.org/stable/c/b892e830d1ea8c5475254b98827771f7366f1039 URL:https://git.kernel.org/stable/c/b892e830d1ea8c5475254b98827771f7366f1039 MISC:https://git.kernel.org/stable/c/ca5b213bf4b4224335a8131a26805d16503fca5f URL:https://git.kernel.org/stable/c/ca5b213bf4b4224335a8131a26805d16503fca5f MISC:https://git.kernel.org/stable/c/e7bfbda5fddd27f3158e723d641c0fcdfb0552a7 URL:https://git.kernel.org/stable/c/e7bfbda5fddd27f3158e723d641c0fcdfb0552a7 MISC:https://git.kernel.org/stable/c/ff0f820fa5b99035b3c654dd531226d8d83aec5f URL:https://git.kernel.org/stable/c/ff0f820fa5b99035b3c654dd531226d8d83aec5f
Assigning CNA
kernel.org
Date Record Created
20250416	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250416)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)