AZL-75122

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75122.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-75122

Upstream

CVE-2025-39891

Published

2025-10-01T08:15:31Z

Modified

2026-04-01T05:22:48.931732Z

Summary

CVE-2025-39891 affecting package kernel for versions less than 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mwifiex: Initialize the chan_stats array to zero

The adapter->chanstats[] array is initialized in mwifiexinitchannelscangap() with vmalloc(), which doesn't zero out memory. The array is filled in mwifiexupdatechanstatistics() and then the user can query the data in mwifiexcfg80211dump_survey().

There are two potential issues here. What if the user calls mwifiexcfg80211dumpsurvey() before the data has been filled in. Also the mwifiexupdatechanstatistics() function doesn't necessarily initialize the whole array. Since the array was not initialized at the start that could result in an information leak.

Also this array is pretty small. It's a maximum of 900 bytes so it's more appropriate to use kcalloc() instead vmalloc().

References

https://nvd.nist.gov/vuln/detail/CVE-2025-39891

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75122.json"