Linux Kernel up to 6.16.0 wifi sar.c rtw89_set_sar_from_acpi assertion

Summaryinfo

A vulnerability was found in Linux Kernel up to 6.16.0. It has been rated as critical. This affects the function rtw89_set_sar_from_acpi of the file drivers/net/wireless/realtek/rtw89/sar.c of the component wifi. The manipulation leads to assertion. This vulnerability is referenced as CVE-2025-38647. No exploit is available. Upgrading the affected component is advised.

Detailsinfo

A vulnerability was found in Linux Kernel up to 6.16.0 and classified as critical. This issue affects the function rtw89_set_sar_from_acpi of the file drivers/net/wireless/realtek/rtw89/sar.c of the component wifi. The manipulation with an unknown input leads to a assertion vulnerability. Using CWE to declare the problem leads to CWE-617. The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Impacted is availability. The summary by CVE is:

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: sar: drop lockdep assertion in rtw89_set_sar_from_acpi The following assertion is triggered on the rtw89 driver startup. It looks meaningless to hold wiphy lock on the early init stage so drop the assertion. WARNING: CPU: 7 PID: 629 at drivers/net/wireless/realtek/rtw89/sar.c:502 rtw89_set_sar_from_acpi+0x365/0x4d0 [rtw89_core] CPU: 7 UID: 0 PID: 629 Comm: (udev-worker) Not tainted 6.15.0+ #29 PREEMPT(lazy) Hardware name: LENOVO 21D0/LNVNB161216, BIOS J6CN50WW 09/27/2024 RIP: 0010:rtw89_set_sar_from_acpi+0x365/0x4d0 [rtw89_core] Call Trace: <TASK> rtw89_sar_init+0x68/0x2c0 [rtw89_core] rtw89_core_init+0x188e/0x1e50 [rtw89_core] rtw89_pci_probe+0x530/0xb50 [rtw89_pci] local_pci_probe+0xd9/0x190 pci_call_probe+0x183/0x540 pci_device_probe+0x171/0x2c0 really_probe+0x1e1/0x890 __driver_probe_device+0x18c/0x390 driver_probe_device+0x4a/0x120 __driver_attach+0x1a0/0x530 bus_for_each_dev+0x10b/0x190 bus_add_driver+0x2eb/0x540 driver_register+0x1a3/0x3a0 do_one_initcall+0xd5/0x450 do_init_module+0x2cc/0x8f0 init_module_from_file+0xe1/0x150 idempotent_init_module+0x226/0x760 __x64_sys_finit_module+0xcd/0x150 do_syscall_64+0x94/0x380 entry_SYSCALL_64_after_hwframe+0x76/0x7e Found by Linux Verification Center (linuxtesting.org).

The advisory is shared at git.kernel.org. The identification of this vulnerability is CVE-2025-38647 since 04/16/2025. The exploitation is known to be difficult. Technical details are known, but no exploit is available.

Upgrading to version 6.16.1 or 6.17-rc1 eliminates this vulnerability. Applying the patch f7ac6df92eee030151476078069dc3eb0002dfb0/6fe21445f7e801de5527d420f8e25e97b0cdd7e2 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-1898). If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Affected

• Debian Linux
• Google Cloud Platform
• Amazon Linux 2
• Red Hat Enterprise Linux
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• NetApp AFF
• NetApp ActiveIQ Unified Manager
• SUSE openSUSE
• Dell Avamar
• NetApp FAS
• Open Source Linux Kernel
• Dell NetWorker
• Dell Secure Connect Gateway
• Dell ECS

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 6.0
• 6.1
• 6.2
• 6.3
• 6.4
• 6.5
• 6.6
• 6.7
• 6.8
• 6.9
• 6.10
• 6.11
• 6.12
• 6.13
• 6.14
• 6.15
• 6.16.0

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion