CVE-2025-71227

medium

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211_get_ies_channel_number) and connecting on the channel later. With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more informative) error message.

References

https://git.kernel.org/stable/c/99067b58a408a384d2a45c105eb3dce980a862ce

https://git.kernel.org/stable/c/10d3ff7e5812c8d70300f6fa8f524009a06aa7e1

Details

Source: Mitre, NVD

Published: 2026-02-18

Updated: 2026-02-18

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H