CVE-2025-39862
BaseFortify
Publication date: 2025-09-19
Last updated on: 2025-12-12
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.2 (inc) to 6.16.6 (exc) |
| linux | linux_kernel | 6.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's Wi-Fi driver for the mt7915 device. It involves list corruption that occurs after a hardware restart. When stations are recreated from scratch during a restart, the lists that contain wcids (wireless client IDs) must be cleared properly. The fix sets wcid->sta to 0 for each wcid entry so that the entries are not added again before they are ready, which prevents the list corruption.
How can this vulnerability impact me?
The vulnerability can cause list corruption in the Wi-Fi driver after a hardware restart, which may lead to instability or malfunction of wireless networking on affected devices that use the mt7915 driver in the Linux kernel.