CVE-2025-21979: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-21979 is a vulnerability discovered in the Linux kernel's WiFi subsystem, specifically in the cfg80211 component. The vulnerability was disclosed on April 1, 2025, and affects Linux kernel versions from 6.1.57 up to (excluding) 6.1.132, as well as various release candidates of version 6.14 (NVD).

The vulnerability is classified as a Use-After-Free (CWE-416) issue that occurs in the wiphywork handling mechanism. The issue arises when a wiphywork is queued from the moment the wiphy is allocated and initialized (via wiphynewnm). If wiphyfree is called before the queued rdev::wiphywork has a chance to execute, the wiphy memory gets freed, leading to invalid memory access when the work eventually runs. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability can lead to high-severity impacts affecting the confidentiality, integrity, and availability of the system, as indicated by the CVSS scoring. The local attack vector and the potential for unauthorized memory access could allow attackers to execute code or cause system crashes (NVD).

The vulnerability has been fixed by implementing a patch that cancels the work before freeing the wiphy. Multiple Linux distributions have released updates to address this vulnerability, including Ubuntu and Debian. Debian has marked this as fixed in version 5.10.234-1 for bullseye and 6.1.133-1 for bookworm (Debian).