CVE-2025-21828Improper Input Validation in Linux

CWE-20Improper Input Validation29 documents6 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV7.1OSV5.9
EPSS
0.0%
top 95.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedMar 6
Latest updateSep 3

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't flush non-uploaded STAs If STA state is pre-moved to AUTHORIZED (such as in IBSS scenarios) and insertion fails, the station is freed. In this case, the driver never knew about the station, so trying to flush it is unexpected and may crash. Check if the sta was uploaded to the driver before and fix this.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel6.46.6.76+2
Debianlinux/linux_kernel< 6.12.13-1+1
Ubuntulinux/linux_kernel< 6.8.0-64.67
CVEListV5linux/linuxd00800a289c9349bb659a698cbd7bc04521dc927cf21ef3d430847ba864bbc9b2774fffcc03ce321+4
debiandebian/linux< linux 6.12.13-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

14
OSV
linux-azure, linux-azure-6.8, linux-azure-nvidia vulnerabilities2025-09-03
OSV
linux-raspi vulnerabilities2025-07-24
OSV
linux-raspi-realtime vulnerabilities2025-07-24
OSV
linux-gcp, linux-gcp-6.8 vulnerabilities2025-07-22
OSV
linux-aws-6.8, linux-gke, linux-gkeop, linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency, linux-oracle, linux-oracle-6.8 vulnerabilities2025-07-22

📋Vendor Advisories

14
Ubuntu
Linux kernel (Azure) vulnerabilities2025-09-03
Ubuntu
Linux kernel (Raspberry Pi Real-time) vulnerabilities2025-07-24
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities2025-07-24
Ubuntu
Linux kernel (GCP) vulnerabilities2025-07-22
Ubuntu
Linux kernel vulnerabilities2025-07-22
CVE-2025-21828 — Improper Input Validation in Linux | cvebase