CVE-2025-38013

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-38013
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38013.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38013
Downstream
Related
Published
2025-06-18T09:28:22.672Z
Modified
2026-03-20T12:42:37.683717Z
Summary
wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: Set nchannels after allocating struct cfg80211scan_request

Make sure that nchannels is set after allocating the struct cfg80211registereddevice::intscan_req member. Seen with syzkaller:

UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5 index 0 is out of range for type 'struct ieee80211_channel *[] _countedby(nchannels)' (aka 'struct ieee80211channel *[]')

This was missed in the initial conversions because I failed to locate the allocation likely due to the "sizeof(void *)" not matching the "channels" array type.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38013.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e3eac9f32ec04112b39e01b574ac739382469bf9
Fixed
fde33ab3c052a302ee8a0b739094b88ceae4dd67
Fixed
07c737d9ab02c07b562aefcca16aa95077368e24
Fixed
e3192e999a0d05ea0ba2c59c09afaf0b8ee70b81
Fixed
82bbe02b2500ef0a62053fe2eb84773fe31c5a0a

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38013.json"