5.5

CVE-2026-23367

wifi: radiotap: reject radiotap with unknown bits

In the Linux kernel, the following vulnerability has been resolved:

wifi: radiotap: reject radiotap with unknown bits

The radiotap parser is currently only used with the radiotap
namespace (not with vendor namespaces), but if the undefined
field 18 is used, the alignment/size is unknown as well. In
this case, iterator->_next_ns_data isn't initialized (it's
only set for skipping vendor namespaces), and syzbot points
out that we later compare against this uninitialized value.

Fix this by moving the rejection of unknown radiotap fields
down to after the in-namespace lookup, so it will really use
iterator->_next_ns_data only for vendor namespaces, even in
case undefined fields are present.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.34.1 < 5.10.253
LinuxLinux Kernel Version >= 5.11 < 5.15.203
LinuxLinux Kernel Version >= 5.16 < 6.1.167
LinuxLinux Kernel Version >= 6.2 < 6.6.130
LinuxLinux Kernel Version >= 6.7 < 6.12.77
LinuxLinux Kernel Version >= 6.13 < 6.18.17
LinuxLinux Kernel Version >= 6.19 < 6.19.7
LinuxLinux Kernel Version2.6.34 Update-
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.023
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/703fa979badbba83d31cd011606d060bfb8b0d1d
Patch
https://git.kernel.org/stable/c/129c8bb320a7cef692c78056ef8e89a2a12ba448
Patch
https://git.kernel.org/stable/c/2a60c588d5d39ad187628f58395c776a97fd4323
Patch
https://git.kernel.org/stable/c/2f8ceeba670610d66f77def32011f48de951d781
Patch
https://git.kernel.org/stable/c/e664971759a0e5570b50c6592e58a7f97d55e992
Patch
https://git.kernel.org/stable/c/c854758abe0b8d86f9c43dc060ff56a0ee5b31e0
Patch
https://git.kernel.org/stable/c/6f80f6a60f5d87e5de5fb2732751fce799991c24
Patch
https://git.kernel.org/stable/c/d1d1d3c50095928624a95b67a6d7ccc3a18f2215
Patch