{"id":"CVE-2025-68360","summary":"wifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks\n\nMT7996 driver can use both wed and wed_hif2 devices to offload traffic\nfrom/to the wireless NIC. In the current codebase we assume to always\nuse the primary wed device in wed callbacks resulting in the following\ncrash if the hw runs wed_hif2 (e.g. 6GHz link).\n\n[  297.455876] Unable to handle kernel read from unreadable memory at virtual address 000000000000080a\n[  297.464928] Mem abort info:\n[  297.467722]   ESR = 0x0000000096000005\n[  297.471461]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  297.476766]   SET = 0, FnV = 0\n[  297.479809]   EA = 0, S1PTW = 0\n[  297.482940]   FSC = 0x05: level 1 translation fault\n[  297.487809] Data abort info:\n[  297.490679]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[  297.496156]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[  297.501196]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  297.506500] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000107480000\n[  297.512927] [000000000000080a] pgd=08000001097fb003, p4d=08000001097fb003, pud=08000001097fb003, pmd=0000000000000000\n[  297.523532] Internal error: Oops: 0000000096000005 [#1] SMP\n[  297.715393] CPU: 2 UID: 0 PID: 45 Comm: kworker/u16:2 Tainted: G           O       6.12.50 #0\n[  297.723908] Tainted: [O]=OOT_MODULE\n[  297.727384] Hardware name: Banana Pi BPI-R4 (2x SFP+) (DT)\n[  297.732857] Workqueue: nf_ft_offload_del nf_flow_rule_route_ipv6 [nf_flow_table]\n[  297.740254] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  297.747205] pc : mt76_wed_offload_disable+0x64/0xa0 [mt76]\n[  297.752688] lr : mtk_wed_flow_remove+0x58/0x80\n[  297.757126] sp : ffffffc080fe3ae0\n[  297.760430] x29: ffffffc080fe3ae0 x28: ffffffc080fe3be0 x27: 00000000deadbef7\n[  297.767557] x26: ffffff80c5ebca00 x25: 0000000000000001 x24: ffffff80c85f4c00\n[  297.774683] x23: ffffff80c1875b78 x22: ffffffc080d42cd0 x21: ffffffc080660018\n[  297.781809] x20: ffffff80c6a076d0 x19: ffffff80c6a043c8 x18: 0000000000000000\n[  297.788935] x17: 0000000000000000 x16: 0000000000000001 x15: 0000000000000000\n[  297.796060] x14: 0000000000000019 x13: ffffff80c0ad8ec0 x12: 00000000fa83b2da\n[  297.803185] x11: ffffff80c02700c0 x10: ffffff80c0ad8ec0 x9 : ffffff81fef96200\n[  297.810311] x8 : ffffff80c02700c0 x7 : ffffff80c02700d0 x6 : 0000000000000002\n[  297.817435] x5 : 0000000000000400 x4 : 0000000000000000 x3 : 0000000000000000\n[  297.824561] x2 : 0000000000000001 x1 : 0000000000000800 x0 : ffffff80c6a063c8\n[  297.831686] Call trace:\n[  297.834123]  mt76_wed_offload_disable+0x64/0xa0 [mt76]\n[  297.839254]  mtk_wed_flow_remove+0x58/0x80\n[  297.843342]  mtk_flow_offload_cmd+0x434/0x574\n[  297.847689]  mtk_wed_setup_tc_block_cb+0x30/0x40\n[  297.852295]  nf_flow_offload_ipv6_hook+0x7f4/0x964 [nf_flow_table]\n[  297.858466]  nf_flow_rule_route_ipv6+0x438/0x4a4 [nf_flow_table]\n[  297.864463]  process_one_work+0x174/0x300\n[  297.868465]  worker_thread+0x278/0x430\n[  297.872204]  kthread+0xd8/0xdc\n[  297.875251]  ret_from_fork+0x10/0x20\n[  297.878820] Code: 928b5ae0 8b000273 91400a60 f943fa61 (79401421)\n[  297.884901] ---[ end trace 0000000000000000 ]---\n\nFix the issue detecting the proper wed reference to use running wed\ncallabacks.","modified":"2026-05-15T04:14:11.982974301Z","published":"2025-12-24T10:32:49.121Z","related":["SUSE-SU-2026:20555-1","SUSE-SU-2026:20599-1","SUSE-SU-2026:20615-1","openSUSE-SU-2026:10039-1","openSUSE-SU-2026:10301-1","openSUSE-SU-2026:20287-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68360.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/385aab8fccd7a8746b9f1a17f3c1e38498a14bc7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ab94ecb997fd1bbc501a0116c7aad51556b67c86"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d582d0e988d696698c94edf097062bb987ae592c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68360.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68360"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"6.8.0"},{"fixed":"6.17.13"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.18.0"},{"fixed":"6.18.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68360.json"}}],"schema_version":"1.7.5"}