Описание
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.
Отчет
A bounds check was missing when copying the SSID IE in __cfg80211_connect_result(), allowing an over-length SSID element to overflow a fixed-size kernel buffer. A malicious AP or 802.11 frame injector in radio range could trigger kernel memory corruption during connection/auto-connect, leading to crash or potential code execution.
Меры по смягчению последствий
To mitigate this issue, prevent module cfg80211 from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel-rt | Affected | ||
| Red Hat Enterprise Linux 10 | kernel | Fixed | RHSA-2025:19106 | 27.10.2025 |
| Red Hat Enterprise Linux 10 | kernel | Fixed | RHSA-2025:21118 | 12.11.2025 |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2025:19103 | 27.10.2025 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2025:19102 | 27.10.2025 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:18281 | 20.10.2025 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:21112 | 12.11.2025 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.
wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()
In the Linux kernel, the following vulnerability has been resolved: w ...
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.
EPSS
7.5 High
CVSS3