Description
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmp_bss() Following bss_free() quirk introduced in commit 776b3580178f ("cfg80211: track hidden SSID networks properly"), adjust cfg80211_update_known_bss() to free the last beacon frame elements only if they're not shared via the corresponding 'hidden_beacon_bss' pointer.
Product status
3ab8227d3e7d1d2bf1829675d3197e3cb600e9f6 (git) before a8bb681e879ca3c9f722aa08d3d7ae41c42a8807
3ab8227d3e7d1d2bf1829675d3197e3cb600e9f6 (git) before a97a9791e455bb0cd5e7a38b5abcb05523d4e21c
3ab8227d3e7d1d2bf1829675d3197e3cb600e9f6 (git) before ff040562c10a540b8d851f7f4145fa112977f853
3ab8227d3e7d1d2bf1829675d3197e3cb600e9f6 (git) before 6854476d9e1aeaaf05ebc98d610061c2075db07d
3ab8227d3e7d1d2bf1829675d3197e3cb600e9f6 (git) before b7d08929178c16398278613df07ad65cf63cce9d
3ab8227d3e7d1d2bf1829675d3197e3cb600e9f6 (git) before 5b7ae04969f822283a95c866967e42b4d75e0eef
3ab8227d3e7d1d2bf1829675d3197e3cb600e9f6 (git) before 912c4b66bef713a20775cfbf3b5e9bd71525c716
3ab8227d3e7d1d2bf1829675d3197e3cb600e9f6 (git) before 26e84445f02ce6b2fe5f3e0e28ff7add77f35e08
5.4
Any version before 5.4
5.4.299 (semver)
5.10.243 (semver)
5.15.192 (semver)
6.1.151 (semver)
6.6.105 (semver)
6.12.46 (semver)
6.16.6 (semver)
6.17 (original_commit_for_fix)
References
lists.debian.org/debian-lts-announce/2025/10/msg00008.html
lists.debian.org/debian-lts-announce/2025/10/msg00007.html
git.kernel.org/...c/a8bb681e879ca3c9f722aa08d3d7ae41c42a8807
git.kernel.org/...c/a97a9791e455bb0cd5e7a38b5abcb05523d4e21c
git.kernel.org/...c/ff040562c10a540b8d851f7f4145fa112977f853
git.kernel.org/...c/6854476d9e1aeaaf05ebc98d610061c2075db07d
git.kernel.org/...c/b7d08929178c16398278613df07ad65cf63cce9d
git.kernel.org/...c/5b7ae04969f822283a95c866967e42b4d75e0eef
git.kernel.org/...c/912c4b66bef713a20775cfbf3b5e9bd71525c716
git.kernel.org/...c/26e84445f02ce6b2fe5f3e0e28ff7add77f35e08
