CVE-2025-38013

Published: Jun 18, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating the struct cfg80211_registered_device::int_scan_req member. Seen with syzkaller: UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5 index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]') This was missed in the initial conversions because I failed to locate the allocation likely due to the "sizeof(void *)" not matching the "channels" array type.

Vendor	Product	Versions
Linux	Linux	affected `e3eac9f32ec04112b39e01b574ac739382469bf9 - < fde33ab3c052a302ee8a0b739094b88ceae4dd67` affected `e3eac9f32ec04112b39e01b574ac739382469bf9 - < 07c737d9ab02c07b562aefcca16aa95077368e24` affected `e3eac9f32ec04112b39e01b574ac739382469bf9 - < e3192e999a0d05ea0ba2c59c09afaf0b8ee70b81` affected `e3eac9f32ec04112b39e01b574ac739382469bf9 - < 82bbe02b2500ef0a62053fe2eb84773fe31c5a0a`
Linux	Linux	affected `6.6` unaffected `0 - < 6.6` unaffected `6.6.92 - <= 6.6.` unaffected `6.12.30 - <= 6.12.` unaffected `6.14.8 - <= 6.14.*` +1 more versions

References

https://git.kernel.org/stable/c/fde33ab3c052a302ee8a0b739094b88ceae4dd67

https://git.kernel.org/stable/c/07c737d9ab02c07b562aefcca16aa95077368e24

https://git.kernel.org/stable/c/e3192e999a0d05ea0ba2c59c09afaf0b8ee70b81

https://git.kernel.org/stable/c/82bbe02b2500ef0a62053fe2eb84773fe31c5a0a

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-38013

Description

Affected Products

References