CVE-2025-71297 - Vulnerability Details

- wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()

rtw8822b_set_antenna() can be called from userspace when the chip is
powered off. In that case a WARNING is triggered in
rtw8822b_config_trx_mode() because trying to read the RF registers
when the chip is powered off returns an unexpected value.

Call rtw8822b_config_trx_mode() in rtw8822b_set_antenna() only when
the chip is powered on.

------------[ cut here ]------------
write RF mode table fail
WARNING: CPU: 0 PID: 7183 at rtw8822b.c:824 rtw8822b_config_trx_mode.constprop.0+0x835/0x840 [rtw88_8822b]
CPU: 0 UID: 0 PID: 7183 Comm: iw Tainted: G W OE 6.17.5-arch1-1 #1 PREEMPT(full) 01c39fc421df2af799dd5e9180b572af860b40c1
Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
Hardware name: LENOVO 82KR/LNVNB161216, BIOS HBCN18WW 08/27/2021
RIP: 0010:rtw8822b_config_trx_mode.constprop.0+0x835/0x840 [rtw88_8822b]
Call Trace:
<TASK>
rtw8822b_set_antenna+0x57/0x70 [rtw88_8822b 370206f42e5890d8d5f48eb358b759efa37c422b]
rtw_ops_set_antenna+0x50/0x80 [rtw88_core 711c8fb4f686162be4625b1d0b8e8c6a5ac850fb]
ieee80211_set_antenna+0x60/0x100 [mac80211 f1845d85d2ecacf3b71867635a050ece90486cf3]
nl80211_set_wiphy+0x384/0xe00 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda]
? netdev_run_todo+0x63/0x550
genl_family_rcv_msg_doit+0xfc/0x160
genl_rcv_msg+0x1aa/0x2b0
? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda]
? __pfx_nl80211_set_wiphy+0x10/0x10 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda]
? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda]
? __pfx_genl_rcv_msg+0x10/0x10
netlink_rcv_skb+0x59/0x110
genl_rcv+0x28/0x40
netlink_unicast+0x285/0x3c0
? __alloc_skb+0xdb/0x1a0
netlink_sendmsg+0x20d/0x430
____sys_sendmsg+0x39f/0x3d0
? import_iovec+0x2f/0x40
___sys_sendmsg+0x99/0xe0
? refill_obj_stock+0x12e/0x240
__sys_sendmsg+0x8a/0xf0
do_syscall_64+0x81/0x970
? do_syscall_64+0x81/0x970
? ksys_read+0x73/0xf0
? do_syscall_64+0x81/0x970
? count_memcg_events+0xc2/0x190
? handle_mm_fault+0x1d7/0x2d0
? do_user_addr_fault+0x21a/0x690
? exc_page_fault+0x7e/0x1a0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
</TASK>
---[ end trace 0000000000000000 ]---

Published: 2026-05-08

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The bug is in the Linux rtw88 Wi‑Fi driver for the 8822b chipset. When a userspace utility calls rtw8822b_set_antenna while the hardware is powered off, the driver proceeds to read RF registers that return unexpected values. This causes a kernel warning in rtw8822b_config_trx_mode, indicating an improper state check. The warning itself does not crash the kernel, but repeated triggering could clutter logs and potentially lead to a denial‑of‑service if the log buffer is exhausted.

Affected Systems

All Linux systems that include the rtw88 driver with the 8822b chip are impacted. The issue is visible in kernel 6.17.5‑arch1‑1, as shown in the reported trace, but any kernel version that ships the unpatched rtw88 module is vulnerable. Systems with the chip powered off while userspace can invoke antenna‑configuration commands (e.g., via nl80211) are at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS value of < 1% suggests a very low likelihood of exploitation in the wild. Attackers would need to be able to run a privileged userspace process that can send nl80211 messages, which is inferred as the trace references nl80211_set_wiphy; such operations usually require administrative network privileges, though this requirement is not explicitly stated in the description. Since the bug only generates warnings and does not provide a direct code‑execution or privilege‑escalation vector, the overall risk is limited. The vulnerability is not currently listed in the CISA KEV catalog.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`297bcf8222f222fd7defead862de4b8e3ea0b08a`	affected	< 7852ca1cc65ad43fb8b620e6a65d5cb15e4e4487
`297bcf8222f222fd7defead862de4b8e3ea0b08a`	affected	< a96d161cfdb11cd2c35d5e498b93431164823338
`297bcf8222f222fd7defead862de4b8e3ea0b08a`	affected	< 0d0c2fb80ca4c284c397dd7546743a3b5fdf4020
`297bcf8222f222fd7defead862de4b8e3ea0b08a`	affected	< 509becaee5680a39bde00c2c7d448dfeb39a8e05
`297bcf8222f222fd7defead862de4b8e3ea0b08a`	affected	< 44510ff07b5198e4a835a3074b716cec8357695b
`297bcf8222f222fd7defead862de4b8e3ea0b08a`	affected	< 44d1f624bbdd2d60319374ba85f7195a28d00c90

Linux

affected

Version	Status	Constraints
`5.8`	affected	—
`0`	unaffected	< 5.8
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,7852ca1cc65ad43fb8b620e6a65d5cb15e4e4487)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,a96d161cfdb11cd2c35d5e498b93431164823338)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,0d0c2fb80ca4c284c397dd7546743a3b5fdf4020)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,509becaee5680a39bde00c2c7d448dfeb39a8e05)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,44510ff07b5198e4a835a3074b716cec8357695b)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,44d1f624bbdd2d60319374ba85f7195a28d00c90)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to the latest release that includes the rtw88 driver patch that guards against reading RF registers when the chip is powered off.
Modify any userspace antenna‑configuration utilities to check the power state of the Wi‑Fi chip before calling the nl80211 interface, ensuring that rtw8822b_set_antenna is only invoked when the hardware is active.
Configure the system to rotate or truncate kernel logs and monitor for repeated rtw8822b_config_trx_mode warnings; if the patch does not eliminate warnings, report the issue to the kernel maintainers.

Generated by OpenCVE AI on May 14, 2026 at 22:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0d0c2fb80ca4c284c397dd7546743a3b5fdf4020
https://git.kernel.org/stable/c/44510ff07b5198e4a835a3074b716cec8357695b
https://git.kernel.org/stable/c/44d1f624bbdd2d60319374ba85f7195a28d00c90
https://git.kernel.org/stable/c/509becaee5680a39bde00c2c7d448dfeb39a8e05
https://git.kernel.org/stable/c/7852ca1cc65ad43fb8b620e6a65d5cb15e4e4487
https://git.kernel.org/stable/c/a96d161cfdb11cd2c35d5e498b93431164823338
https://lore.kernel.org/linux-cve-announce/2026050849-CVE-2025-71297-3470@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71297
https://www.cve.org/CVERecord?id=CVE-2025-71297

History

Thu, 14 May 2026 21:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-398

Thu, 14 May 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-372
References		https://lore.kernel.org/linux-cve-announce/2026050849-CVE-2025-71297-3470@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71297 https://www.cve.org/CVERecord?id=CVE-2025-71297
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 08 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-398

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() rtw8822b_set_antenna() can be called from userspace when the chip is powered off. In that case a WARNING is triggered in rtw8822b_config_trx_mode() because trying to read the RF registers when the chip is powered off returns an unexpected value. Call rtw8822b_config_trx_mode() in rtw8822b_set_antenna() only when the chip is powered on. ------------[ cut here ]------------ write RF mode table fail WARNING: CPU: 0 PID: 7183 at rtw8822b.c:824 rtw8822b_config_trx_mode.constprop.0+0x835/0x840 [rtw88_8822b] CPU: 0 UID: 0 PID: 7183 Comm: iw Tainted: G W OE 6.17.5-arch1-1 #1 PREEMPT(full) 01c39fc421df2af799dd5e9180b572af860b40c1 Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: LENOVO 82KR/LNVNB161216, BIOS HBCN18WW 08/27/2021 RIP: 0010:rtw8822b_config_trx_mode.constprop.0+0x835/0x840 [rtw88_8822b] Call Trace: <TASK> rtw8822b_set_antenna+0x57/0x70 [rtw88_8822b 370206f42e5890d8d5f48eb358b759efa37c422b] rtw_ops_set_antenna+0x50/0x80 [rtw88_core 711c8fb4f686162be4625b1d0b8e8c6a5ac850fb] ieee80211_set_antenna+0x60/0x100 [mac80211 f1845d85d2ecacf3b71867635a050ece90486cf3] nl80211_set_wiphy+0x384/0xe00 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda] ? netdev_run_todo+0x63/0x550 genl_family_rcv_msg_doit+0xfc/0x160 genl_rcv_msg+0x1aa/0x2b0 ? __pfx_nl80211_pre_doit+0x10/0x10 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda] ? __pfx_nl80211_set_wiphy+0x10/0x10 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda] ? __pfx_nl80211_post_doit+0x10/0x10 [cfg80211 296485ee85696d2150309a6d21a7fbca83d3dbda] ? __pfx_genl_rcv_msg+0x10/0x10 netlink_rcv_skb+0x59/0x110 genl_rcv+0x28/0x40 netlink_unicast+0x285/0x3c0 ? __alloc_skb+0xdb/0x1a0 netlink_sendmsg+0x20d/0x430 ____sys_sendmsg+0x39f/0x3d0 ? import_iovec+0x2f/0x40 ___sys_sendmsg+0x99/0xe0 ? refill_obj_stock+0x12e/0x240 __sys_sendmsg+0x8a/0xf0 do_syscall_64+0x81/0x970 ? do_syscall_64+0x81/0x970 ? ksys_read+0x73/0xf0 ? do_syscall_64+0x81/0x970 ? count_memcg_events+0xc2/0x190 ? handle_mm_fault+0x1d7/0x2d0 ? do_user_addr_fault+0x21a/0x690 ? exc_page_fault+0x7e/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> ---[ end trace 0000000000000000 ]---
Title		wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0d0c2fb80ca4c284c397dd7546743a3b5fdf4020 https://git.kernel.org/stable/c/44510ff07b5198e4a835a3074b716cec8357695b https://git.kernel.org/stable/c/44d1f624bbdd2d60319374ba85f7195a28d00c90 https://git.kernel.org/stable/c/509becaee5680a39bde00c2c7d448dfeb39a8e05 https://git.kernel.org/stable/c/7852ca1cc65ad43fb8b620e6a65d5cb15e4e4487 https://git.kernel.org/stable/c/a96d161cfdb11cd2c35d5e498b93431164823338

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:09.120Z

Updated: 2026-05-11T21:57:28.537Z

Reserved: 2026-05-06T11:31:45.510Z

Link: CVE-2025-71297

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-08T14:16:31.000

Modified: 2026-05-14T19:20:43.510

Link: CVE-2025-71297

Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2025-71297 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-14T22:45:31Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object