Use-After-Free Vulnerability in Linux Kernel WiFi Configuration
CVE-2025-39864

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 19 September 2025

What is CVE-2025-39864?

A use-after-free vulnerability exists in the Linux kernel's cfg80211 module, specifically affecting the management of beacon frame elements in wireless network configurations. This issue arises during the processing of BSS (Basic Service Set) structures where the correct handling of the 'hidden_beacon_bss' pointer is crucial. If not addressed properly, this vulnerability can lead to unexpected behaviors or potential exploitation due to memory access violations. Mitigation involves adjustments to ensure proper memory management, especially when managing the lifecycle of the last beacon frame elements.

Affected Version(s)

Linux 3ab8227d3e7d1d2bf1829675d3197e3cb600e9f6

References

https://git.kernel.org/stable/c/a8bb681e879ca3c9f722aa08d...

https://git.kernel.org/stable/c/a97a9791e455bb0cd5e7a38b5...

https://git.kernel.org/stable/c/ff040562c10a540b8d851f7f4...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2025
Vulnerability Reserved
Apr 16, 2025