CVE-2025-38013

HIGH

Linux kernel - Array Index Out-of-Bounds

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating the struct cfg80211_registered_device::int_scan_req member. Seen with syzkaller: UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5 index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]') This was missed in the initial conversions because I failed to locate the allocation likely due to the "sizeof(void *)" not matching the "channels" array type.

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/fde33ab3c052a302ee8a0b739094b88ceae4dd67

Patch

https://git.kernel.org/stable/c/07c737d9ab02c07b562aefcca16aa95077368e24

Patch

https://git.kernel.org/stable/c/e3192e999a0d05ea0ba2c59c09afaf0b8ee70b81

Patch

https://git.kernel.org/stable/c/82bbe02b2500ef0a62053fe2eb84773fe31c5a0a

Scores

CVSS v3 7.8

EPSS 0.0016

EPSS Percentile 5.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-129

Status published

Products (15)

linux/Kernel 6.13.0 - 6.14.8linux

linux/Kernel 6.6.0 - 6.6.92linux

linux/Kernel 6.7.0 - 6.12.30linux

Linux/Linux < 6.6

Linux/Linux 6.12.30 - 6.12.*

Linux/Linux 6.14.8 - 6.14.*

Linux/Linux 6.15

Linux/Linux 6.6

Linux/Linux 6.6.92 - 6.6.*

Linux/Linux e3eac9f32ec04112b39e01b574ac739382469bf9 - 07c737d9ab02c07b562aefcca16aa95077368e24

... and 5 more

Published Jun 18, 2025

Tracked Since Feb 18, 2026