Linux Kernel Vulnerability in iwlwifi Wi-Fi Driver
CVE-2025-21905

7.1HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 April 2025

Summary

A vulnerability within the iwlwifi driver in the Linux kernel has been identified that allows reading data beyond the intended buffer size. This weakness arises when the firmware file lacks proper NUL-termination, potentially leading to out-of-bounds reads when the last TLV in the file is processed. To mitigate this issue, a fix has been implemented that restricts the printed string format to align with the available buffer size, thereby enhancing the integrity and security of the system.

Affected Version(s)

Linux aee1b6385e29e472ae5592b9652b750a29bf702e < 38f0d398b6d7640d223db69df022c4a232f24774

Linux aee1b6385e29e472ae5592b9652b750a29bf702e

Linux aee1b6385e29e472ae5592b9652b750a29bf702e < 47616b82f2d42ea2060334746fed9a2988d845c9

References

https://git.kernel.org/stable/c/38f0d398b6d7640d223db69df...

https://git.kernel.org/stable/c/c0e626f2b2390472afac52dfe...

https://git.kernel.org/stable/c/47616b82f2d42ea2060334746...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Dec 29, 2024