CVE-2025-21730: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-21730 affects the Linux kernel's rtw89 WiFi driver. The vulnerability was discovered when a list corruption issue occurs during WoWLAN (Wake-on-WLAN) failure in the resume flow. The issue affects systems using the Realtek rtw89 wireless network driver (CVE Mitre).

The vulnerability stems from a double initialization of the mgntentry list when WoWLAN fails during resume flow. When rtw89opsaddinterface() is triggered without first removing the interface, the mgntentry list is initialized again. This causes the listempty() check in rtw89chanctxopsassignvif() to become ineffective, leading to an invalid listaddtail() operation. The issue manifests as a kernel BUG at lib/list_debug.c:34 with list corruption errors (Kernel Git).

The vulnerability can result in kernel crashes due to list corruption, potentially affecting system stability and causing denial of service conditions. The issue specifically impacts systems using the rtw89 wireless driver during WoWLAN resume operations (CVE Mitre).

A fix has been implemented by adding a check to prevent double adding of the list in the rtw89opsadd_interface() function. The patch modifies the driver to properly handle the list initialization only when the interface is not already in the list (Kernel Git).