CVE-2025-38657
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-22

Last updated on: 2025-11-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: mcc: prevent shift wrapping in rtw89_core_mlsr_switch() The "link_id" value comes from the user via debugfs. If it's larger than BITS_PER_LONG then that would result in shift wrapping and potentially an out of bounds access later. In fact, we can limit it to IEEE80211_MLD_MAX_NUM_LINKS (15). Fortunately, only root can write to debugfs files so the security impact is minimal.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-22
Last Modified
2025-11-26
Generated
2026-06-16
AI Q&A
2025-08-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-38657
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.16
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's wifi driver rtw89, specifically in the mcc component. The issue arises because the 'link_id' value, which is provided by the user through debugfs, can be larger than BITS_PER_LONG. This causes a shift wrapping problem in the function rtw89_core_mlsr_switch(), potentially leading to an out of bounds memory access. The fix limits 'link_id' to IEEE80211_MLD_MAX_NUM_LINKS (15) to prevent this.

Impact Analysis

The vulnerability could potentially lead to an out of bounds memory access in the wifi driver, which might cause system instability or security issues. However, since only root users can write to debugfs files, the security impact is minimal.

Mitigation Strategies

Since the vulnerability involves the 'link_id' value being written via debugfs by root, immediate mitigation steps include restricting root access to the system and avoiding writing to the affected debugfs files until the kernel is updated with the fix. Applying the updated Linux kernel that includes the patch preventing shift wrapping in rtw89_core_mlsr_switch() is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-38657. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart