Buffer Length Validation Flaw in Linux Kernel Affects mac80211 WiFi Functionality
CVE-2025-39957

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 9 October 2025

What is CVE-2025-39957?

A vulnerability exists in the Linux kernel's mac80211 subsystem that affects the S1G capability element. The issue arises from insufficient handling of the scan_ies_len, causing a buffer length validation failure during hardware scans. This flaw results in a failure to initiate hardware scanning, which can lead to performance issues and potential unresponsiveness in WiFi functionalities. Mitigation has been implemented to ensure the S1G capability length is properly accounted for, enhancing the robustness of scanning features.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 16c9244a62116fe148f6961753b68e7160799f97

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 93e063f15e17acb8cd6ac90c8f0802c2624e1a74

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 32adb020b0c32939da1322dcc87fc0ae2bc935d1

References

https://git.kernel.org/stable/c/16c9244a62116fe148f696175...

https://git.kernel.org/stable/c/93e063f15e17acb8cd6ac90c8...

https://git.kernel.org/stable/c/32adb020b0c32939da1322dcc...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 9, 2025
Vulnerability Reserved
Apr 16, 2025

JSON