CVE-2025-71227

MEDIUM EPSS 1.1%
Published Feb 18, 20264mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 18, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later. With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more informative) error message.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥3.8  –  <6.18.10
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any
linuxlinux_kernel6.19any

References 2

  • git.kernel.org https://git.kernel.org/stable/c/10d3ff7e5812c8d70300f6fa8f524009a06aa7e1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99067b58a408a384d2a45c105eb3dce980a862ce
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/10d3ff7e5812c8d70300f6fa8f524009a06aa7e1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/99067b58a408a384d2a45c105eb3dce980a862ce
    Patch