CVE-2025-38013 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating the struct cfg80211_registered_device::int_scan_req member. Seen with syzkaller: UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5 index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]') This was missed in the initial conversions because I failed to locate the allocation likely due to the "sizeof(void *)" not matching the "channels" array type.

Reserved 2025-04-16 | Published 2025-06-18 | Updated 2025-06-18 | Assigner Linux

Product status

Default status

unaffected

e3eac9f32ec04112b39e01b574ac739382469bf9 before fde33ab3c052a302ee8a0b739094b88ceae4dd67

affected

e3eac9f32ec04112b39e01b574ac739382469bf9 before 07c737d9ab02c07b562aefcca16aa95077368e24

affected

e3eac9f32ec04112b39e01b574ac739382469bf9 before e3192e999a0d05ea0ba2c59c09afaf0b8ee70b81

affected

e3eac9f32ec04112b39e01b574ac739382469bf9 before 82bbe02b2500ef0a62053fe2eb84773fe31c5a0a

affected

Default status

affected

6.6

affected

Any version before 6.6

unaffected

6.6.92

unaffected

6.12.30

unaffected

6.14.8

unaffected

6.15

unaffected

References

git.kernel.org/...c/fde33ab3c052a302ee8a0b739094b88ceae4dd67

git.kernel.org/...c/07c737d9ab02c07b562aefcca16aa95077368e24

git.kernel.org/...c/e3192e999a0d05ea0ba2c59c09afaf0b8ee70b81

git.kernel.org/...c/82bbe02b2500ef0a62053fe2eb84773fe31c5a0a

cve.org (CVE-2025-38013)

nvd.nist.gov (CVE-2025-38013)

Download JSON

https://cve.threatint.eu/CVE/CVE-2025-38013

Support options

Helpdesk Chat, Email, Knowledgebase