CVE-2025-68182

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: fix potential use after free in iwl_mld_remove_link()

This code frees "link" by calling kfree_rcu(link, rcu_head) and then it
dereferences "link" to get the "link->fw_id".  Save the "link->fw_id"
first to avoid a potential use after free.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
not-affected
trixie
6.12.57-1
not-affected
bookworm
6.1.148-1
not-affected
bullseye (security)
5.10.247-1
fixed
bookworm (security)
6.1.158-1
fixed
trixie (security)
6.12.48-1
fixed
forky
6.17.12-1
fixed
sid
6.17.13-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/5b4a239c9f94e1606435f1842fc6fd426d607dbb
https://git.kernel.org/stable/c/77e67d5daaf155f7d0f99f4e797c4842169ec19e