Buffer Overflow Vulnerability in Microchip Wireless Chipset
CVE-2025-39952

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 October 2025

What is CVE-2025-39952?

A vulnerability exists in the Microchip WILC1000 wireless chipset firmware that could allow a buffer overflow due to improper handling of WID string configurations. The issue is rooted in a failure to verify the size of the incoming data against the allocated buffer during the parsing of response frames. The correction adds necessary size checks based on the WID type of the data received, preventing potential overflow and ensuring the safe operation of the device.
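The kind of per-type size check the description refers to, as an added example that is not the affected code. The frame layout (2-byte little-endian WID, 1-byte length, value), the type field in bits 12 to 14, and the names `cfg_store`, `parse_wid_response` and `STR_SLOT_MAX` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical WID types and frame layout, assumed for illustration. */
enum wid_type { WID_CHAR = 0, WID_SHORT = 1, WID_INT = 2, WID_STR = 3 };
#define STR_SLOT_MAX 8              /* assumed capacity of the string slot */

struct cfg_store {
    uint8_t  c;
    uint16_t s;
    uint32_t i;
    uint8_t  str[STR_SLOT_MAX];
    size_t   str_len;
};

/* Parse one response element: [wid_lo][wid_hi][len][value...].
 * Returns 0 when the value was stored, -1 when the element is rejected. */
int parse_wid_response(struct cfg_store *cfg, const uint8_t *frame, size_t size)
{
    if (size < 3)
        return -1;
    uint16_t wid = (uint16_t)(frame[0] | (frame[1] << 8));
    size_t len = frame[2];
    const uint8_t *val = frame + 3;
    if (len > size - 3)             /* value must lie inside the received frame */
        return -1;

    switch ((wid >> 12) & 0x7) {    /* assumed: WID type in bits 12..14 */
    case WID_CHAR:
        if (len != 1) return -1;
        cfg->c = val[0];
        return 0;
    case WID_SHORT:
        if (len != 2) return -1;
        cfg->s = (uint16_t)(val[0] | (val[1] << 8));
        return 0;
    case WID_INT:
        if (len != 4) return -1;
        cfg->i = (uint32_t)val[0] | (uint32_t)val[1] << 8 |
                 (uint32_t)val[2] << 16 | (uint32_t)val[3] << 24;
        return 0;
    case WID_STR:
        /* Without this comparison, a length taken from the frame drives the copy. */
        if (len > sizeof(cfg->str)) return -1;
        memcpy(cfg->str, val, len);
        cfg->str_len = len;
        return 0;
    }
    return -1;                      /* unknown WID type */
}
```

Rejected elements leave the stored configuration untouched, so a malformed response cannot partially overwrite a slot.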

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6085291a1a5865d4ad70f0e5812d524ebd5d1711

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2203ef417044b10a8563ade6a17c74183745d72e

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Timeline

  • Vulnerability published

  • Vulnerability Reserved
