CVE-2025-39952

Source
https://cve.org/CVERecord?id=CVE-2025-39952
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39952.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39952
Published
2025-10-04T07:31:12.445Z
Modified
2026-03-12T02:14:29.597909Z
Summary
wifi: wilc1000: avoid buffer overflow in WID string configuration
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: wilc1000: avoid buffer overflow in WID string configuration

Fix the following copy overflow warning identified by Smatch checker.

drivers/net/wireless/microchip/wilc1000/wlan_cfg.c:184 wilc_wlan_parse_response_frame() error: '__memcpy()' 'cfg->s[i]->str' copy overflow (512 vs 65537)

This patch introduces size check before accessing the memory buffer. The checks are based on the WID type of received data from the firmware. For WID string configuration, the size limit is determined by individual element size in 'struct wilc_cfg_str_vals' that is maintained in 'len' field of 'struct wilc_cfg_str'.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39952.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c5c77ba18ea66aa05441c71e38473efb787705a4
Fixed
6085291a1a5865d4ad70f0e5812d524ebd5d1711
Fixed
2203ef417044b10a8563ade6a17c74183745d72e
Fixed
ae50f8562306a7ea1cf3c9722f97ee244f974729
Fixed
fe9e4d0c39311d0f97b024147a0d155333f388b5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39952.json"