CVE-2025-71227
Received - Intake
Improper Channel Validation Warning in Linux mac80211 Wi-Fi

Publication date: 2026-02-18

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: don't WARN for connections on invalid channels

It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later.

With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more informative) error message.

Meta Information

Published: 2026-02-18

Last Modified: 2026-03-18

Generated: 2026-06-16

AI Q&A: 2026-02-18

EPSS Evaluated: 2026-06-15

Affected Vendors & Products

Showing 4 associated CPEs

Vendor | Product | Version / Range
linux | linux_kernel | 6.19
linux | linux_kernel | 6.19
linux | linux_kernel | 6.19
linux | linux_kernel | From 3.8 (inc) to 6.18.10 (exc)

CWE ID: CWE-UNKNOWN

Impact Analysis

The vulnerability could cause the Linux kernel to produce warnings when connecting to Wi-Fi channels that have become invalid due to regulatory changes. This might lead to confusion or misinterpretation of the system's state. The fix improves the clarity of error reporting, potentially reducing troubleshooting difficulties and improving system stability when dealing with dynamic regulatory changes.

Compliance Impact

I don't know

Executive Summary

This vulnerability relates to the Linux kernel's Wi-Fi mac80211 component. It involves the system generating warnings when attempting to connect on invalid Wi-Fi channels. The issue arises because a channel that was initially considered usable during scanning might become disabled due to regulatory changes before the connection attempt. The fix replaces the warning with a more informative error message to better handle this scenario.

Detection Guidance

I don't know

Mitigation Strategies

I don't know
