CVE-2025-71227

CWE-393 | 8 documents | 8 sources
Severity
5.5 MEDIUM
EPSS
0.0%
top 96.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 18

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: don't WARN for connections on invalid channels

It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later.

With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD | linux/linux_kernel | 3.8 | 6.18.10 | +1
CVEListV5 | linux/linux | f2d9d270c15ae0139b54a7e7466d738327e97e03 | 10d3ff7e5812c8d70300f6fa8f524009a06aa7e1 | +2
Debian | linux | < 6.18.10-1

Patches

🔴 Vulnerability Details

3
OSV
CVE-2025-71227: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to | 2026-02-18
GHSA
GHSA-c5gg-v573-hv7f: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (t | 2026-02-18
CVEList
wifi: mac80211: don't WARN for connections on invalid channels | 2026-02-18

📋 Vendor Advisories

3
Red Hat
kernel: wifi: mac80211: don't WARN for connections on invalid channels | 2026-02-18
Microsoft
wifi: mac80211: don't WARN for connections on invalid channels | 2026-02-10
Debian
CVE-2025-71227: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80... | 2025

🕵️ Threat Intelligence

1
Wiz
CVE-2025-71227 Impact, Exploitability, and Mitigation Steps | Wiz