CVE-2025-71227
Received Received - Intake

Improper Channel Validation Warning in Linux mac80211 Wi-Fi

Vulnerability report for CVE-2025-71227, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-18

Last updated on: 2026-03-18

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later. With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more informative) error message.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-18
Last Modified
2026-03-18
Generated
2026-07-06
AI Q&A
2026-02-18
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 3.8 (inc) to 6.18.10 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

The vulnerability could cause the Linux kernel to produce warnings when connecting to wifi channels that have become invalid due to regulatory changes. This might lead to confusion or misinterpretation of the system's state. The fix improves the clarity of error reporting, potentially reducing troubleshooting difficulties and improving system stability when dealing with dynamic regulatory changes.

Compliance Impact

I don't know

Executive Summary

This vulnerability relates to the Linux kernel's wifi mac80211 component. It involves the system generating warnings when attempting to connect on invalid wifi channels. The issue arises because a channel that was initially considered usable during scanning might become disabled due to regulatory changes before the connection attempt. Instead of a warning, the fix replaces it with a more informative error message to better handle this scenario.

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-71227. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart