CVE-2025-21729: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a race condition vulnerability (CVE-2025-21729) was discovered in the rtw89 WiFi driver. The vulnerability affects the hardware scan cancellation functionality, where the rtwdev->scanning flag is not properly protected by a mutex. This issue was discovered in early 2025 and affects Linux systems using the rtw89 wireless driver (Kernel Git).

The vulnerability stems from a race condition where the scanning flag isn't protected by mutex in the cancel_hw_scan operation. When cancel_hw_scan passes the condition check, the hw_scan completion can simultaneously unset the flag and call ieee80211_scan_completed(), which frees local->hw_scan_req. This leads to both a null pointer dereference and a use-after-free condition. The issue was confirmed through KASAN (Kernel Address Sanitizer) detection on a Lenovo system running the affected driver (Kernel Git).

When exploited, this vulnerability can lead to system crashes through null pointer dereference and use-after-free conditions. The issue specifically affects systems using the rtw89 wireless driver during WiFi scanning operations (Kernel Git).

The issue has been fixed by moving the check condition to a location protected by mutex. The fix was implemented through a patch that modifies the driver's scanning logic to ensure proper synchronization. The solution involves restructuring the code to perform the scanning flag check within the mutex-protected section (Kernel Git).