Linux Kernel Vulnerability in Wifi Management by Vendor Linux
CVE-2025-38657
Currently unrated
What is CVE-2025-38657?
A vulnerability has been identified in the Linux kernel's wifi management component, where an incorrect 'link_id' value supplied by the user via debugfs could lead to shift wrapping. This potentially results in out-of-bounds access, which could compromise system integrity. The fix limits 'link_id' to a maximum of 15, aligning with IEEE80211_MLD_MAX_NUM_LINKS. Because only root users can write to debugfs files, the security implications are limited but still warrant attention.
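The bug class described above, as an added example that is not the kernel's or this page's own code: a user-space C model in which an unchecked link ID wraps the shift and aliases a valid link bit, next to a parser that bounds the value before shifting. The function names, `NBITS_LONG`, the sample bitmap, the modulo model of the wrap, and treating IDs 0 to 14 as valid are assumptions made here.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define NBITS_LONG ((unsigned int)(sizeof(unsigned long) * CHAR_BIT))
#define MAX_NUM_LINKS 15u /* value of IEEE80211_MLD_MAX_NUM_LINKS per the advisory */

/* Models a CPU that masks the shift count (assumption). The real expression
 * 1UL << link_id is undefined in C once link_id >= NBITS_LONG. */
static unsigned long wrapped_bit(unsigned int link_id)
{
    return 1UL << (link_id % NBITS_LONG);
}

/* Unchecked pattern: an oversized ID silently aliases a valid link bit. */
static int link_active_unchecked(unsigned long active_links, unsigned int link_id)
{
    return (active_links & wrapped_bit(link_id)) != 0;
}

/* Checked pattern: parse the text the user wrote, bound it, only then shift. */
static int parse_link_id(const char *buf, unsigned int *out)
{
    char *end;
    unsigned long v;

    errno = 0;
    v = strtoul(buf, &end, 10);
    if (errno || end == buf || (*end != '\0' && *end != '\n'))
        return -EINVAL;
    if (v >= MAX_NUM_LINKS) /* assumption: valid IDs are 0..14 */
        return -EINVAL;
    *out = (unsigned int)v;
    return 0;
}

static int link_active_checked(unsigned long active_links, const char *buf)
{
    unsigned int id;
    int ret = parse_link_id(buf, &id);
    return ret ? ret : (active_links & (1UL << id)) != 0;
}

int main(void)
{
    unsigned long active = 0x1; /* constructed sample: only link 0 is active */
    printf("unchecked id=%u -> %d\n", NBITS_LONG, link_active_unchecked(active, NBITS_LONG));
    printf("checked id=%u -> %d\n", NBITS_LONG, link_active_checked(active, "64\n"));
    return 0;
}
```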
Affected Version(s)
Linux 9dd85e739ce0765f022014c3e0713e1007d7ef60 < 417cfa9cc44fbe6bceab786f9a4ee5a210f1288e
Linux 9dd85e739ce0765f022014c3e0713e1007d7ef60 < 53cf488927a0f79968f9c03c4d1e00d2a79731c3
Linux 6.16