From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 02B673E0C63 for ; Fri, 8 May 2026 13:13:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778246028; cv=none; b=hmRybr5hdUB0BAzUE127a48HDIMv3OrASSS+ndg25tHqRMu5CtenHEVNv2OIU1/yPnY62Tjwb3CrYLni4i1tnM6eIz2xu1x2Gz+LVtFw3zMoLKia5V71x16B7+BPanZnXLISUHn2WWvyojU12t6TlIUgMCsL8mkt3sUYSygoZdU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778246028; c=relaxed/simple; bh=TAvl1fQYNpkSpSP7VJNcGpS7G+9nsBq7By8i+JBy0f8=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=TVWwnqdSlEAPY3VXGo8VDOF1c0V9CQy+U4nROxnUgXQmPPzoSI17cy7BiCEHTJePFcuGD6sdS9OfQeNDyoeCbq71ksetCNtJ1Obmn8fiGm+xHwa5hbdllWa1W4UDKiPch6i219s0ImbxVn3NSmv2aWycrGuD0CrZcibIhERUKjA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=srKcu5L+; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="srKcu5L+" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1A164C2BCB0; Fri, 8 May 2026 13:13:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1778246027; bh=TAvl1fQYNpkSpSP7VJNcGpS7G+9nsBq7By8i+JBy0f8=; h=From:To:Cc:Subject:Date:Reply-To:From; b=srKcu5L+i7COFFt563tGu7mWmUnxqbPRwZ1jmmm3Wxk3UEQKl49rnl6JdIZrqrvcj EgQxl/vHgFuxPGd8+15IK6AnXMmX+CdTnCfVQCJyEBr/8mBURcdZXJ2iGdHaPsKUj3 bZzWHjsVlmgPdaW8+Zm3LfHFYuZ7w1b7iUvCR0VQ= From: Greg Kroah-Hartman To: linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman Subject: CVE-2025-71297: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() Date: Fri, 8 May 2026 15:11:47 +0200 Message-ID: <2026050849-CVE-2025-71297-3470@gregkh> X-Mailer: git-send-email 2.54.0 Reply-To: , Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4443; i=gregkh@linuxfoundation.org; h=from:subject:message-id; bh=bcvMoVnsO7i+FBzQopiQV/5GS0DsqdRmvafPQQXj0uI=; b=owGbwMvMwCRo6H6F97bub03G02pJDJl/H4q6s+4/NyWux1NVk7nk65kfR7aYvNdhZ5v+/5zrg fux6eLdHbEsDIJMDLJiiixftvEc3V9xSNHL0PY0zBxWJpAhDFycAjCR6/MZFrSZR8w5mXM9un3V AYVzhrPqVV+J1TAsWKkudbbxAc8jrctH003idm4/M6XtGAA= X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Content-Transfer-Encoding: 8bit From: Greg Kroah-Hartman Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() rtw8822b_set_antenna() can be called from userspace when the chip is powered off. In that case a WARNING is triggered in rtw8822b_config_trx_mode() because trying to read the RF registers when the chip is powered off returns an unexpected value. Call rtw8822b_config_trx_mode() in rtw8822b_set_antenna() only when the chip is powered on. ------------[ cut here ]------------ write RF mode table fail WARNING: CPU: 0 PID: 7183 at rtw8822b.c:824 rtw8822b_config_trx_mode.constprop.0+0x835/0x840 [rtw88_8822b] CPU: 0 UID: 0 PID: 7183 Comm: iw Tainted: G W OE 6.17.5-arch1-1 #1 PREEMPT(full) 01c39fc421df2af799dd5e9180b572af860b40c1 Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: LENOVO 82KR/LNVNB161216, BIOS HBCN18WW 08/27/2021 RIP: 0010:rtw8822b_config_trx_mode.constprop.0+0x835/0x840 [rtw88_8822b] Call Trace: rtw8822b_set_antenna+0x57/0x70 [rtw88_8822b 370206f42e5890d8d5f48eb358b759efa37c422b] rtw_ops_set_antenna+0x50/0x80 [rtw88_core 711c8fb4f686162be4625b1d0b8e8c6a5ac850fb] ieee80211_set_antenna+0x60/0x100 [mac80211 f1845d85d2ecacf3b71867635a050ece90486cf3] nl80211_set_wiphy+0x384/0xe00 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda] ? netdev_run_todo+0x63/0x550 genl_family_rcv_msg_doit+0xfc/0x160 genl_rcv_msg+0x1aa/0x2b0 ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda] ? __pfx_nl80211_set_wiphy+0x10/0x10 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda] ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda] ? __pfx_genl_rcv_msg+0x10/0x10 netlink_rcv_skb+0x59/0x110 genl_rcv+0x28/0x40 netlink_unicast+0x285/0x3c0 ? __alloc_skb+0xdb/0x1a0 netlink_sendmsg+0x20d/0x430 ____sys_sendmsg+0x39f/0x3d0 ? import_iovec+0x2f/0x40 ___sys_sendmsg+0x99/0xe0 ? refill_obj_stock+0x12e/0x240 __sys_sendmsg+0x8a/0xf0 do_syscall_64+0x81/0x970 ? do_syscall_64+0x81/0x970 ? ksys_read+0x73/0xf0 ? do_syscall_64+0x81/0x970 ? count_memcg_events+0xc2/0x190 ? handle_mm_fault+0x1d7/0x2d0 ? do_user_addr_fault+0x21a/0x690 ? exc_page_fault+0x7e/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e ---[ end trace 0000000000000000 ]--- The Linux kernel CVE team has assigned CVE-2025-71297 to this issue. Affected and fixed versions =========================== Fixed in 6.1.165 with commit 7852ca1cc65ad43fb8b620e6a65d5cb15e4e4487 Fixed in 6.6.128 with commit a96d161cfdb11cd2c35d5e498b93431164823338 Fixed in 6.12.75 with commit 0d0c2fb80ca4c284c397dd7546743a3b5fdf4020 Fixed in 6.18.16 with commit 509becaee5680a39bde00c2c7d448dfeb39a8e05 Fixed in 6.19.6 with commit 44510ff07b5198e4a835a3074b716cec8357695b Fixed in 7.0 with commit 44d1f624bbdd2d60319374ba85f7195a28d00c90 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-71297 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/realtek/rtw88/rtw8822b.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7852ca1cc65ad43fb8b620e6a65d5cb15e4e4487 https://git.kernel.org/stable/c/a96d161cfdb11cd2c35d5e498b93431164823338 https://git.kernel.org/stable/c/0d0c2fb80ca4c284c397dd7546743a3b5fdf4020 https://git.kernel.org/stable/c/509becaee5680a39bde00c2c7d448dfeb39a8e05 https://git.kernel.org/stable/c/44510ff07b5198e4a835a3074b716cec8357695b https://git.kernel.org/stable/c/44d1f624bbdd2d60319374ba85f7195a28d00c90