Information Leak in Linux Kernel's mwifiex Wireless Adapter
CVE-2025-39891
What is CVE-2025-39891?
A vulnerability has been identified in the mwifiex wireless adapter driver of the Linux kernel, where the chan_stats array is not initialized before use. If the user reads the array before it has been populated with valid data, the uninitialized contents can be disclosed, resulting in an information leak. The mwifiex_update_chan_statistics() function does not guarantee that the entire array is initialized, so entries can remain uninitialized even after an update. The recommended fix is to allocate the chan_stats array with kcalloc() instead of vmalloc() so that it is zeroed out, which mitigates the chance of exposing sensitive information.
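The following is an added userland model of the bug class described above, not the kernel's code: it contrasts a non-zeroed allocation with a zeroed one when an update fills only part of the array. The struct layout, array size, stale-byte marker and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CHANNELS 8   /* constructed size, not the driver's value */
#define STALE 0xAA       /* stands in for leftover heap contents */

/* Hypothetical layout; the real driver struct may differ. */
struct chan_stats {
    unsigned char chan_num, noise;
    unsigned short cca_busy;
};

/* zeroed=0 models vmalloc(): memory arrives holding old contents.
 * zeroed=1 models kcalloc(): memory arrives as all zero bytes. */
static struct chan_stats *alloc_stats(int zeroed)
{
    struct chan_stats *s = calloc(MAX_CHANNELS, sizeof(*s));
    if (s && !zeroed)
        memset(s, STALE, MAX_CHANNELS * sizeof(*s));
    return s;
}

/* Models an update that fills only the channels actually scanned. */
static void update_stats(struct chan_stats *s, int scanned)
{
    for (int i = 0; i < scanned && i < MAX_CHANNELS; i++) {
        s[i].chan_num = (unsigned char)(i + 1);
        s[i].noise = 90;
        s[i].cca_busy = 0;
    }
}

/* Bytes a reader of the whole array receives that still hold stale data. */
static size_t leaked_bytes(int zeroed, int scanned)
{
    struct chan_stats *s = alloc_stats(zeroed);
    size_t n = 0, total = MAX_CHANNELS * sizeof(*s);
    if (!s)
        return (size_t)-1;
    update_stats(s, scanned);
    for (size_t i = 0; i < total; i++)
        n += (((const unsigned char *)s)[i] == STALE);
    free(s);
    return n;
}

int main(void)
{
    printf("not zeroed: %zu stale bytes\n", leaked_bytes(0, 3));
    printf("zeroed:     %zu stale bytes\n", leaked_bytes(1, 3));
    return 0;
}
```

With a zeroed allocation the unfilled entries read back as zeros regardless of how many channels the update covered, which is why zeroing at allocation time closes the leak without depending on the update path.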
Affected Version(s)
Linux bf35443314acb43fa8a3f9f8046e14cbe178762b < 9eb0118b3470b4d2e4e3bbb1fc088b30c0285d65
Linux bf35443314acb43fa8a3f9f8046e14cbe178762b < 05daef0442d28350a1a0d6d0e2cab4a7a91df475
Linux bf35443314acb43fa8a3f9f8046e14cbe178762b