CVE-2025-71224
Use-After-Free in Linux mac80211 OCB RX Path Causes Warnings
Publication date: 2026-02-14
Last updated on: 2026-02-14
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's mac80211 wireless subsystem, specifically in OCB (Outside the Context of a BSS) mode. The function ieee80211_ocb_rx_no_sta() assumes that a valid channel context is present, which is only the case after the interface has joined OCB mode (JOIN_OCB). However, the RX (receive) path may run before JOIN_OCB has completed, when the interface is not yet operational. Because RX peer handling is then performed on an interface that has not joined, this can lead to warnings or improper handling of received packets.
The fix involves skipping RX peer handling when the interface is not joined to avoid these warnings and potential issues in the RX path.
How can this vulnerability impact me?
If this vulnerability is present, it can cause warnings or errors in the wireless receive path of the Linux kernel when the OCB interface is not properly joined. This may lead to instability or unexpected behavior in wireless communications using OCB mode.
However, there is no indication from the provided information that this vulnerability leads to privilege escalation, data leakage, or other direct security breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know