7.8

CVE-2025-39864

wifi: cfg80211: fix use-after-free in cmp_bss()

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: fix use-after-free in cmp_bss()

Following bss_free() quirk introduced in commit 776b3580178f
("cfg80211: track hidden SSID networks properly"), adjust
cfg80211_update_known_bss() to free the last beacon frame
elements only if they're not shared via the corresponding
'hidden_beacon_bss' pointer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4 < 5.4.299
LinuxLinux Kernel Version >= 5.5 < 5.10.243
LinuxLinux Kernel Version >= 5.11 < 5.15.192
LinuxLinux Kernel Version >= 5.16 < 6.1.151
LinuxLinux Kernel Version >= 6.2 < 6.6.105
LinuxLinux Kernel Version >= 6.7 < 6.12.46
LinuxLinux Kernel Version >= 6.13 < 6.16.6
LinuxLinux Kernel Version6.17 Updaterc1
LinuxLinux Kernel Version6.17 Updaterc2
LinuxLinux Kernel Version6.17 Updaterc3
LinuxLinux Kernel Version6.17 Updaterc4
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.047
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://git.kernel.org/stable/c/a8bb681e879ca3c9f722aa08d3d7ae41c42a8807
Patch
https://git.kernel.org/stable/c/a97a9791e455bb0cd5e7a38b5abcb05523d4e21c
Patch
https://git.kernel.org/stable/c/ff040562c10a540b8d851f7f4145fa112977f853
Patch
https://git.kernel.org/stable/c/6854476d9e1aeaaf05ebc98d610061c2075db07d
Patch
https://git.kernel.org/stable/c/b7d08929178c16398278613df07ad65cf63cce9d
Patch
https://git.kernel.org/stable/c/5b7ae04969f822283a95c866967e42b4d75e0eef
Patch
https://git.kernel.org/stable/c/912c4b66bef713a20775cfbf3b5e9bd71525c716
Patch
https://git.kernel.org/stable/c/26e84445f02ce6b2fe5f3e0e28ff7add77f35e08
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory
Mailing List
https://cert-portal.siemens.com/productcert/html/ssa-032379.html
https://cert-portal.siemens.com/productcert/html/ssa-089022.html