CVE-2025-39891

HIGH EPSS 4.8%
Published Oct 1, 20259mo ago · Modified Jun 17, 20262w ago
7.1 CVSS 3.1
High
Find Similar
Published Oct 1, 2025 9mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chan_stats array to zero The adapter->chan_stats[] array is initialized in mwifiex_init_channel_scan_gap() with vmalloc(), which doesn't zero out memory. The array is filled in mwifiex_update_chan_statistics() and then the user can query the data in mwifiex_cfg80211_dump_survey(). There are two potential issues here. What if the user calls mwifiex_cfg80211_dump_survey() before the data has been filled in. Also the mwifiex_update_chan_statistics() function doesn't necessarily initialize the whole array. Since the array was not initialized at the start that could result in an information leak. Also this array is pretty small. It's a maximum of 900 bytes so it's more appropriate to use kcalloc() instead vmalloc().

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
4.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥3.19  –  <5.4.299
linuxlinux_kernel*≥5.5  –  <5.10.243
linuxlinux_kernel*≥5.11  –  <5.15.192
linuxlinux_kernel*≥5.16  –  <6.1.151
linuxlinux_kernel*≥6.2  –  <6.6.105
linuxlinux_kernel*≥6.7  –  <6.12.46
linuxlinux_kernel*≥6.13  –  <6.16.6
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
linuxlinux_kernel6.17any
debiandebian_linux11.0any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/05daef0442d28350a1a0d6d0e2cab4a7a91df475
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/06616410a3e5e6cd1de5b7cbc668f1a7edeedad9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0e20450829ca3c1dbc2db536391537c57a40fe0b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/32c124c9c03aa755cbaf60ef7f76afd918d47659
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5285b7009dc1e09d5bb9e05fae82e1a807882dbc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9df29aa5637d94d24f7c5f054ef4feaa7b766111
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9eb0118b3470b4d2e4e3bbb1fc088b30c0285d65
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/acdf26a912190fc6746e2a890d7d0338190527b4
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
    Mailing ListThird Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
    Mailing ListThird Party Advisory

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/05daef0442d28350a1a0d6d0e2cab4a7a91df475
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/06616410a3e5e6cd1de5b7cbc668f1a7edeedad9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/0e20450829ca3c1dbc2db536391537c57a40fe0b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/32c124c9c03aa755cbaf60ef7f76afd918d47659
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5285b7009dc1e09d5bb9e05fae82e1a807882dbc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9df29aa5637d94d24f7c5f054ef4feaa7b766111
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9eb0118b3470b4d2e4e3bbb1fc088b30c0285d65
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/acdf26a912190fc6746e2a890d7d0338190527b4
    Patch