Improper locking in Linux kernel realtek rtw89 driver

1) Improper locking

EUVDB-ID: #VU105031

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21730

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtw89_ops_add_interface() function in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.12 - 6.12.12

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:6.12:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.12.1:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.12.2:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.12.3:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.12.4:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.12.5:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.12.6:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.12.7:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.12.8:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.12.9:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/2f7667675df1b40b73ecc53b4b8c3189b1e5f2c1
https://git.kernel.org/stable/c/4ed5bf49819757303e657f3900725febf2f3926f
https://git.kernel.org/stable/c/7fc295fdd3992a9a07d12fd3f2e84dface23aedc
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.13

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.