Improper locking in Linux kernel wireless



Updated: 2025-05-11
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2025-21910
CWE-ID: CWE-667
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU106800

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-21910

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the is_an_alpha2() function in net/wireless/reg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.1 - 6.1.130

External links

https://git.kernel.org/stable/c/17aa34c84867f6cd181a5743e1c647e7766962a6
https://git.kernel.org/stable/c/35ef07112b61b06eb30683a6563c9f6378c02476
https://git.kernel.org/stable/c/59b348be7597c4a9903cb003c69e37df20c04a30
https://git.kernel.org/stable/c/62b1a9bbfebba4b4c2bb6c1ede9ef7ecee7a9ff6
https://git.kernel.org/stable/c/6a5e3b23054cee3b92683d1467e3fa83921f5622
https://git.kernel.org/stable/c/be7c5f00aa7f1344293e4d48d0e12be83a2f223d
https://git.kernel.org/stable/c/da3f599517ef2ea851208df3229d07728d238dc5
https://git.kernel.org/stable/c/f4112cb477c727a65787a4065a75ca593bb5b2f4
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.131


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


