CVE-2025-21906

wifi: iwlwifi: mvm: clean up ROC on failure

Published: 4/1/2025 Last updated: 5/11/2026 Reserved: 12/29/2024

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: clean up ROC on failure If the firmware fails to start the session protection, then we do call iwl_mvm_roc_finished() here, but that won't do anything at all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set. Set IWL_MVM_STATUS_ROC_P2P_RUNNING in the failure/stop path. If it started successfully before, it's already set, so that doesn't matter, and if it didn't start it needs to be set to clean up. Not doing so will lead to a WARN_ON() later on a fresh remain- on-channel, since the link is already active when activated as it was never deactivated.

CNA assigner: Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67) Requested by: n/a

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (4)

Product	Vendor	Version
Linux	Linux	SoftCo V200R003C20,eSpace U1910 V200R003C00,eSpace U1910 V200R003C20,eSpace U1910 V200R003C30,eSpace U1911 V200R003C20,eSpace U1911 V200R003C30,eSpace U1930 V200R003C20,eSpace U1930 V200R003C30,eSpace U1960 V200R003C20,eSpace U1960 V200R003C30,eSpace U1980 V200R003C20,eSpace U1980 V200R003C30,eSpace U1981 V200R003C20,eSpace U1981 V200R003C30,
Linux	Linux	n/a
Linux	Linux	15.4(2)T1
Linux	Linux	15.4(2)T3

CVE-2025-21906

wifi: iwlwifi: mvm: clean up ROC on failure

Opam packages affected (29)

Products affected (4)

References (6)