CVE-2025-39919

high

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: add missing check for rx wcid entries Non-station wcid entries must not be passed to the rx functions. In case of the global wcid entry, it could even lead to corruption in the wcid array due to pointer being casted to struct mt7996_sta_link using container_of.

References

https://git.kernel.org/stable/c/69dcc19048fcdc3fb166fd25b805470ee8fc0eb1

https://git.kernel.org/stable/c/4a522b01e368eec58d182ecc47d24f49a39e440d

Details

Source: Mitre, NVD

Published: 2025-10-01

Updated: 2025-10-02

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00018