CVE-2025-37973

wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation

Severity Score

7.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element defragmentation process, the
multi-link element length added to the total IEs length when calculating
the length of remaining IEs after the multi-link element in
cfg80211_defrag_mle(). This could lead to out-of-bounds access if the
multi-link element or its corresponding fragment elements are the last
elements in the IEs buffer. To address this issue, correctly calculate the remaining IEs length by
deducting the multi-link element end offset from total IEs end offset.

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element defragmentation process, the multi-link element length added to the total IEs length when calculating the length of remaining IEs after the multi-link element in cfg80211_defrag_mle(). This could lead to out-of-bounds access if the multi-link element or its corresponding fragment elements are the last elements in the IEs buffer. To address this issue, correctly calculate the remaining IEs length by deducting the multi-link element end offset from total IEs end offset.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-05-20 CVE Published
2025-05-20 CVE Updated
2025-05-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/2481b5da9c6b2ee1fde55a1c29eb2ca377145a10	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/73dde269a1a43e6b1aa92eba13ad2df58bfdd38e	2025-05-18
https://git.kernel.org/stable/c/9423f6da825172b8dc60d4688ed3d147291c3be9	2025-05-18
https://git.kernel.org/stable/c/e1c6d0c6199bd5f4cfc7a66ae7032b6e805f904d	2025-05-18
https://git.kernel.org/stable/c/023c1f2f0609218103cbcb48e0104b144d4a16dc	2025-05-06

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.6.91 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.6.91"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.12.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.12.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.14.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.14.7"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.5 < 6.15-rc6 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.5 < 6.15-rc6"		en		Affected