CVE-2025-38045

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix debug actions order The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset only in the middle of the dump (rather than the FW killing itself on error.) As a result, some of the actions taken when applying the config will now crash the device, so we need to fix the order.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/181e8b56b74ad3920456dcdc8a361520d9007956	Patch
https://git.kernel.org/stable/c/2b790fe67ed483d86c1aeb8be6735bf792caa7e5	Patch
https://git.kernel.org/stable/c/328fbc96ecbee16c5fcbfcb3ac57b476f94da2f0	Patch
https://git.kernel.org/stable/c/eb29b4ffafb20281624dcd2cbb768d6f30edf600	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

14 Nov 2025, 17:07

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Linux linux Kernel Linux
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/181e8b56b74ad3920456dcdc8a361520d9007956 -~~	() https://git.kernel.org/stable/c/181e8b56b74ad3920456dcdc8a361520d9007956 - Patch
References	~~() https://git.kernel.org/stable/c/2b790fe67ed483d86c1aeb8be6735bf792caa7e5 -~~	() https://git.kernel.org/stable/c/2b790fe67ed483d86c1aeb8be6735bf792caa7e5 - Patch
References	~~() https://git.kernel.org/stable/c/328fbc96ecbee16c5fcbfcb3ac57b476f94da2f0 -~~	() https://git.kernel.org/stable/c/328fbc96ecbee16c5fcbfcb3ac57b476f94da2f0 - Patch
References	~~() https://git.kernel.org/stable/c/eb29b4ffafb20281624dcd2cbb768d6f30edf600 -~~	() https://git.kernel.org/stable/c/eb29b4ffafb20281624dcd2cbb768d6f30edf600 - Patch

Information

Published : 2025-06-18 10:15

Updated : 2025-11-14 17:07

NVD link : CVE-2025-38045

Mitre link : CVE-2025-38045

CVE.ORG link : CVE-2025-38045

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-38045", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-06-18T10:15:37.070", "references": [{"url": "https://git.kernel.org/stable/c/181e8b56b74ad3920456dcdc8a361520d9007956", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/2b790fe67ed483d86c1aeb8be6735bf792caa7e5", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/328fbc96ecbee16c5fcbfcb3ac57b476f94da2f0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/eb29b4ffafb20281624dcd2cbb768d6f30edf600", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix debug actions order\n\nThe order of actions taken for debug was implemented incorrectly.\nNow we implemented the dump split and do the FW reset only in the\nmiddle of the dump (rather than the FW killing itself on error.)\nAs a result, some of the actions taken when applying the config\nwill now crash the device, so we need to fix the order."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: corregir el orden de las acciones de depuraci\u00f3n. El orden de las acciones de depuraci\u00f3n se implement\u00f3 incorrectamente. Ahora implementamos la divisi\u00f3n del volcado y el reinicio del firmware se realiza solo en medio del volcado (en lugar de que el firmware se autodestruya en caso de error). Como resultado, algunas acciones al aplicar la configuraci\u00f3n ahora bloquear\u00e1n el dispositivo, por lo que debemos corregir el orden."}], "lastModified": "2025-11-14T17:07:48.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F957DEA-003A-4EE7-90F1-17A87C9A1C01", "versionEndExcluding": "6.6.93"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AE98841-5774-4B45-A81C-2D188DB7E5C3", "versionEndExcluding": "6.12.31", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9B72DD1-715C-4101-A720-1C8D70044C06", "versionEndExcluding": "6.14.9", "versionStartIncluding": "6.13"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}