CVE-2025-71227

MEDIUM

Linux Kernel 3.8-6.18.10 - Denial of Service via Invalid WiFi Channel Connection

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later. With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more informative) error message.

References (2)

Core 2

Core References

Patch

https://git.kernel.org/stable/c/10d3ff7e5812c8d70300f6fa8f524009a06aa7e1

Patch

https://git.kernel.org/stable/c/99067b58a408a384d2a45c105eb3dce980a862ce

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 5.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (9)

linux/Kernel 3.8.0 - 6.18.10linux

Linux/Linux < 3.8

Linux/Linux 3.8

Linux/Linux 6.18.10 - 6.18.*

Linux/Linux 6.19

Linux/Linux f2d9d270c15ae0139b54a7e7466d738327e97e03 - 10d3ff7e5812c8d70300f6fa8f524009a06aa7e1

Linux/Linux f2d9d270c15ae0139b54a7e7466d738327e97e03 - 99067b58a408a384d2a45c105eb3dce980a862ce

linux/linux_kernel 6.19 rc1 (3 CPE variants)

linux/linux_kernel 3.8 - 6.18.10

Published Feb 18, 2026

Tracked Since Feb 18, 2026