CVE-2025-71227

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: don't WARN for connections on invalid channels

It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later.

With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more informative) error message.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf2d9d270c15ae0139b54a7e7466d738327e97e03 < 10d3ff7e5812c8d70300f6fa8f524009a06aa7e1affected
LinuxLinuxf2d9d270c15ae0139b54a7e7466d738327e97e03 < 99067b58a408a384d2a45c105eb3dce980a862ceaffected
LinuxLinux3.8affected
LinuxLinux0 < 3.8unaffected
LinuxLinux6.18.10 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References