CVE-2025-71227

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: don't WARN for connections on invalid channels

It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later.

With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more informative) error message.

EPSS Score: 0.001 (0.010)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

UPDATED

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

5.5medium

Debian

CREATED

UPDATED

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

Red Hat

CREATED

UPDATED

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5low

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-6p3v-p6v9-r8pr

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY