CVE-2025-38121: 
Linux Ubuntu vulnerability analysis and mitigation

A vulnerability in the Linux kernel's iwlwifi driver has been identified and assigned CVE-2025-38121. The issue was discovered and reported through kernel.org on July 3, 2025. The vulnerability affects the Multi-Link Device (MLD) initialization process in the iwlwifi driver, which handles Intel wireless network adapters (CVE MITRE).

The vulnerability occurs during the initialization process of the iwlwifi driver where the inhwrestart flag is incorrectly handled. When an error occurs during initialization, the inhwrestart flag is set but never cleared. This leads to a situation where the system incorrectly believes it's in a hardware restart state when it's actually in the initial setup phase. The specific technical impact includes a NULL pointer dereference when attempting to cancel rxomi::finishedwork, which hasn't been properly initialized (NVD).

The vulnerability can result in a kernel panic due to NULL pointer dereference, potentially causing system crashes and denial of service conditions. This affects systems using Intel wireless adapters with the iwlwifi driver (CVE MITRE).

The fix involves modifying the driver to only set inhwrestart to true when the firmware is confirmed to be running, ensuring that the flag accurately reflects the system state. This confirms that the firmware was loaded successfully and prevents entering the retry loop incorrectly (CVE MITRE).