CVE-2025-71227
MEDIUMCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later. With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more informative) error message.
Analysis
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: don't WARN for connections on invalid channels
It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g.
Technical Context
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: don't WARN for connections on invalid channels
It's not clear (to me) how exactly syzbot managed to hit this,
but it seems conceivable that e.g. regulatory changed and has
disabled a channel between scanning (channel is checked to be
usable by cfg80211_get_ies_channel_number) and connecting on
the channel later.
With one scenario that isn't covered elsewhere described above,
the warning isn't good, replace it
Affected Products
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (t
Remediation
Monitor vendor advisories for a patch.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today