CVE-2025-37973

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A issue in the Linux kernel has been identified, related to out-of-bounds access during multi-link element defragmentation in the cfg80211 module. The problem occurs when calculating the length of remaining IEs after the multi-link element in the cfg80211 defrag mle() function. This could lead to out-of-bounds access if the multi-link element or its corresponding fragment elements are the last elements in the IEs buffer. The issue is resolved by correctly calculating the remaining IEs length.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2025-11864

CVE-2025-37973

MGASA-2025-0182

MGASA-2025-0183

SUSE-SU-2025:02249-1

SUSE-SU-2025:02254-1

SUSE-SU-2025:02307-1

SUSE-SU-2025:02333-1

SUSE-SU-2025:02335-1

SUSE-SU-2025:02538-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:20475-1

SUSE-SU-2025:20483-1

SUSE-SU-2025:20493-1

SUSE-SU-2025:20498-1

SUSE-SU-2025_02249-1

SUSE-SU-2025_02254-1

SUSE-SU-2025_02307-1

SUSE-SU-2025_02333-1

SUSE-SU-2025_02335-1

SUSE-SU-2025_02538-1

USN-7699-1

USN-7699-2

USN-7721-1

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2025-37973

Weakness Enumeration

Related Identifiers

Affected Products

References · 2379