GHSA-JHX4-VM77-C4V2

Vulnerability from github – Published: 2025-12-24 12:30 – Updated: 2025-12-24 12:30
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled

In case WoWlan was never configured during the operation of the system, the hw->wiphy->wowlan_config will be NULL. rsi_config_wowlan() checks whether wowlan_config is non-NULL and if it is not, then WARNs about it. The warning is valid, as during normal operation the rsi_config_wowlan() should only ever be called with non-NULL wowlan_config. In shutdown this rsi_config_wowlan() should only ever be called if WoWlan was configured before by the user.

Add checks for non-NULL wowlan_config into the shutdown hook. While at it, check whether the wiphy is also non-NULL before accessing wowlan_config . Drop the single-use wowlan_config variable, just inline it into function call.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2023-54025"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T11:15:55Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: Do not configure WoWlan in shutdown hook if not enabled\n\nIn case WoWlan was never configured during the operation of the system,\nthe hw-\u003ewiphy-\u003ewowlan_config will be NULL. rsi_config_wowlan() checks\nwhether wowlan_config is non-NULL and if it is not, then WARNs about it.\nThe warning is valid, as during normal operation the rsi_config_wowlan()\nshould only ever be called with non-NULL wowlan_config. In shutdown this\nrsi_config_wowlan() should only ever be called if WoWlan was configured\nbefore by the user.\n\nAdd checks for non-NULL wowlan_config into the shutdown hook. While at it,\ncheck whether the wiphy is also non-NULL before accessing wowlan_config .\nDrop the single-use wowlan_config variable, just inline it into function\ncall.",
  "id": "GHSA-jhx4-vm77-c4v2",
  "modified": "2025-12-24T12:30:28Z",
  "published": "2025-12-24T12:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54025"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1b51236aa49a0564280bd45c94118cab6d9b0fbd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/4391fa180856ff84a2cef4a92694a689eebb855e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b241e260820b68c09586e8a0ae0fc23c0e3215bd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b2aeb97fd470206e67f7b3b4a3e68212a13f747b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b601468539c1d97539097bfc87ad11f1704b7eb7"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb205a06908122f50b1dd1baa43f7c8036bfc7dc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.