CVE-2025-38604: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2025-38604) was discovered in the Linux kernel's RTL818x WiFi driver, specifically affecting the rtl8187_stop() function. The issue was identified on August 19, 2025, and involves improper handling of URBs (USB Request Blocks) in relation to the transmission status queue. The vulnerability affects Linux kernel versions up to 6.15.0 and was discovered by the Linux Verification Center using their SVACE tool (NVD).

The vulnerability occurs in the rtl8187stop() function where the usbkillanchoredurbs() call is incorrectly positioned after clearing the btxstatus.queue. This sequence allows callbacks to access already freed socket buffer (skb) memory because the USB anchor is not killed before freeing the associated skb. The issue manifests as a NULL pointer dereference at address 0x80, triggering a supervisor read access fault in kernel mode (NVD, Debian Tracker).

When triggered, the vulnerability causes a kernel NULL pointer dereference, leading to a system crash or denial of service condition. This particularly affects systems using the RTL8187BvE wireless device and could potentially impact system stability and availability (NVD).

The vulnerability has been fixed in Linux kernel version 6.16.3-1 and later. The fix involves reordering the operations in rtl8187_stop() to ensure USB URBs are killed before clearing the transmission status queue. Debian has released fixes for various distributions including forky and sid with version 6.16.3-1 (Debian Tracker).