CVE-2025-38013

UNKNOWN 0.0

wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating the struct cfg80211_registered_device::int_scan_req member. Seen with syzkaller: UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5 index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]') This was missed in the initial conversions because I failed to locate the allocation likely due to the "sizeof(void *)" not matching the "channels" array type.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 18, 2025
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

e3eac9f32ec04112b39e01b574ac739382469bf9 < fde33ab3c052a302ee8a0b739094b88ceae4dd67 e3eac9f32ec04112b39e01b574ac739382469bf9 < 07c737d9ab02c07b562aefcca16aa95077368e24 e3eac9f32ec04112b39e01b574ac739382469bf9 < e3192e999a0d05ea0ba2c59c09afaf0b8ee70b81 e3eac9f32ec04112b39e01b574ac739382469bf9 < 82bbe02b2500ef0a62053fe2eb84773fe31c5a0a

Linux / Linux

6.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/fde33ab3c052a302ee8a0b739094b88ceae4dd67 git.kernel.org: https://git.kernel.org/stable/c/07c737d9ab02c07b562aefcca16aa95077368e24 git.kernel.org: https://git.kernel.org/stable/c/e3192e999a0d05ea0ba2c59c09afaf0b8ee70b81 git.kernel.org: https://git.kernel.org/stable/c/82bbe02b2500ef0a62053fe2eb84773fe31c5a0a