CVE-2025-39891
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39891
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39891.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39891
- Downstream
- Related
- Published
- 2025-10-01T07:42:40.633Z
- Modified
- 2025-11-28T02:34:58.946679Z
- Summary
- wifi: mwifiex: Initialize the chan_stats array to zero
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: mwifiex: Initialize the chan_stats array to zero
The adapter->chanstats[] array is initialized in mwifiexinitchannelscangap() with vmalloc(), which doesn't zero out memory. The array is filled in mwifiexupdatechanstatistics() and then the user can query the data in mwifiexcfg80211dump_survey().
There are two potential issues here. What if the user calls mwifiexcfg80211dumpsurvey() before the data has been filled in. Also the mwifiexupdatechanstatistics() function doesn't necessarily initialize the whole array. Since the array was not initialized at the start that could result in an information leak.
Also this array is pretty small. It's a maximum of 900 bytes so it's more appropriate to use kcalloc() instead vmalloc().
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39891.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/05daef0442d28350a1a0d6d0e2cab4a7a91df475
- https://git.kernel.org/stable/c/06616410a3e5e6cd1de5b7cbc668f1a7edeedad9
- https://git.kernel.org/stable/c/0e20450829ca3c1dbc2db536391537c57a40fe0b
- https://git.kernel.org/stable/c/32c124c9c03aa755cbaf60ef7f76afd918d47659
- https://git.kernel.org/stable/c/5285b7009dc1e09d5bb9e05fae82e1a807882dbc
- https://git.kernel.org/stable/c/9df29aa5637d94d24f7c5f054ef4feaa7b766111
- https://git.kernel.org/stable/c/9eb0118b3470b4d2e4e3bbb1fc088b30c0285d65
- https://git.kernel.org/stable/c/acdf26a912190fc6746e2a890d7d0338190527b4
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39891.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-39891
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedbf35443314acb43fa8a3f9f8046e14cbe178762bFixed9eb0118b3470b4d2e4e3bbb1fc088b30c0285d65Fixed05daef0442d28350a1a0d6d0e2cab4a7a91df475Fixedacdf26a912190fc6746e2a890d7d0338190527b4Fixed32c124c9c03aa755cbaf60ef7f76afd918d47659Fixed9df29aa5637d94d24f7c5f054ef4feaa7b766111Fixed06616410a3e5e6cd1de5b7cbc668f1a7edeedad9Fixed5285b7009dc1e09d5bb9e05fae82e1a807882dbcFixed0e20450829ca3c1dbc2db536391537c57a40fe0b
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced3.19.0Fixed5.4.299
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.243
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.192
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.151
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.105
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.46
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.16.6