CVE-2025-39891
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chan_stats array to zero The adapter->chan_stats[] array is initialized in mwifiex_init_channel_scan_gap() with vmalloc(), which doesn't zero out memory. The array is filled in mwifiex_update_chan_statistics() and then the user can query the data in mwifiex_cfg80211_dump_survey(). There are two potential issues here. What if the user calls mwifiex_cfg80211_dump_survey() before the data has been filled in. Also the mwifiex_update_chan_statistics() function doesn't necessarily initialize the whole array. Since the array was not initialized at the start that could result in an information leak. Also this array is pretty small. It's a maximum of 900 bytes so it's more appropriate to use kcalloc() instead vmalloc().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-11-03
Generated
2026-06-16
AI Q&A
2025-10-01
EPSS Evaluated
2026-06-14
NVD
CVE-2025-39891
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.1.153
linux linux_kernel 5.10.244
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel's mwifiex wifi driver involves the chan_stats array not being properly initialized to zero. The array is allocated with vmalloc(), which does not zero memory, and it may be queried by users before being fully filled or initialized by the driver functions. This can lead to uninitialized memory being exposed, potentially leaking sensitive information. Additionally, the array is small enough that using kcalloc() (which zeros memory) would be more appropriate than vmalloc().

Impact Analysis

The vulnerability can lead to an information leak where uninitialized memory contents are exposed to users querying the chan_stats array. This could potentially reveal sensitive or unintended data from kernel memory, which might be exploited by attackers to gain information about the system or its state.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the mwifiex driver properly initializes the chan_stats array to zero, replacing vmalloc() with kcalloc() in mwifiex_init_channel_scan_gap(). This prevents potential information leaks by ensuring the array is zeroed before use.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39891. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart