CVE-2025-21828

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-21828

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21828.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-21828

Downstream

BELL-CVE-2025-21828

DEBIAN-CVE-2025-21828

OESA-2025-1339

OESA-2025-1340

SUSE-SU-2025:01919-1

SUSE-SU-2025:1177-1

SUSE-SU-2025:1178-1

SUSE-SU-2025:1180-1

UBUNTU-CVE-2025-21828

USN-7521-1

USN-7521-3

USN-7651-1

USN-7651-2

USN-7651-3

USN-7651-4

USN-7651-5

USN-7651-6

USN-7652-1

USN-7653-1

USN-7737-1

Related

Published

2025-03-06T16:15:55Z

Modified

2025-08-09T20:01:26Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: don't flush non-uploaded STAs

If STA state is pre-moved to AUTHORIZED (such as in IBSS scenarios) and insertion fails, the station is freed. In this case, the driver never knew about the station, so trying to flush it is unexpected and may crash.

Check if the sta was uploaded to the driver before and fix this.

References

Affected packages