CVE-2025-38657
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38657
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38657.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38657
- Downstream
- Published
- 2025-08-22T16:01:00.512Z
- Modified
- 2025-12-02T17:05:59.992812Z
- Summary
- wifi: rtw89: mcc: prevent shift wrapping in rtw89_core_mlsr_switch()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: mcc: prevent shift wrapping in rtw89coremlsr_switch()
The "linkid" value comes from the user via debugfs. If it's larger than BITSPERLONG then that would result in shift wrapping and potentially an out of bounds access later. In fact, we can limit it to IEEE80211MLDMAXNUM_LINKS (15).
Fortunately, only root can write to debugfs files so the security impact is minimal.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38657.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/417cfa9cc44fbe6bceab786f9a4ee5a210f1288e
- https://git.kernel.org/stable/c/53cf488927a0f79968f9c03c4d1e00d2a79731c3
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38657.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-38657