CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-37897: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release

plfxlc_mac_release() asserts that mac->lock is held. This assertion is
incorrect, because even if it was possible, it would not be the valid
behaviour. The function is used when probe fails or after the device is
disconnected. In both cases mac->lock can not be held as the driver is
not working with the device at the moment. All functions that use mac->lock
unlock it just after it was held. There is also no need to hold mac->lock
for plfxlc_mac_release() itself, as mac data is not affected, except for
mac->flags, which is modified atomically.

This bug leads to the following warning:
================================================================
WARNING: CPU: 0 PID: 127 at drivers/net/wireless/purelifi/plfxlc/mac.c:106 plfxlc_mac_release+0x7d/0xa0
Modules linked in:
CPU: 0 PID: 127 Comm: kworker/0:2 Not tainted 6.1.124-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: usb_hub_wq hub_event
RIP: 0010:plfxlc_mac_release+0x7d/0xa0 drivers/net/wireless/purelifi/plfxlc/mac.c:106
Call Trace:

probe+0x941/0xbd0 drivers/net/wireless/purelifi/plfxlc/usb.c:694
usb_probe_interface+0x5c0/0xaf0 drivers/usb/core/driver.c:396
really_probe+0x2ab/0xcb0 drivers/base/dd.c:639
__driver_probe_device+0x1a2/0x3d0 drivers/base/dd.c:785
driver_probe_device+0x50/0x420 drivers/base/dd.c:815
__device_a...

Classification

CVE ID: CVE-2025-37897

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.93% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-37897
https://git.kernel.org/stable/c/93d646911be1e5be20d4f5d6c48359464cef0097
https://git.kernel.org/stable/c/36a9a2647810e57e704dde59abdf831380ca9102
https://git.kernel.org/stable/c/791a2d9e87c411aec0b9b2fb735fd15e48af9de9
https://git.kernel.org/stable/c/9ecb4af39f80cdda3e57825923243ec11e48be6b
https://git.kernel.org/stable/c/0fb15ae3b0a9221be01715dac0335647c79f3362

Timeline