PT-2025-38571 · Linux+8 · Linux Kernel+8

Published

2025-04-16

·

Updated

2026-05-07

·

CVE-2025-39864

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw within the wifi subsystem, specifically in the cfg80211 component, leading to a use-after-free condition in the cmp bss() function. This issue was addressed by adjusting cfg80211 update known bss() to correctly manage the freeing of beacon frame elements, ensuring they are only freed if not shared through the hidden beacon bss pointer. The issue was introduced with commit 776b3580178f.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:19440
ALSA-2025:19447
ALSA-2025:22405
AZL-67575
AZL-74921
BDU:2025-13684
CESA-2025_19440
CESA-2025_19447
CVE-2025-39864
DLA-4327-1
DLA-4328-1
DSA-6008-1
DSA-6009-1
ECHO-5A97-E4A0-5B4B
INFESA-2025_0006
INFSA-2025_19440
INFSA-2025_19447
INFSA-2025_22405
OPENSUSE-SU-2025:20081-1
RHSA-2025:19440
RHSA-2025:19447
RHSA-2025:21083
RHSA-2025:23450
RHSA-2025_19440
RHSA-2025_19447
SUSE-SU-2025:03600-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4141-1
USN-7909-1
USN-7909-2
USN-7909-3
USN-7909-4
USN-7909-5
USN-7910-1
USN-7910-2
USN-7933-1
USN-7938-1
USN-8095-1
USN-8095-2
USN-8095-3
USN-8095-4
USN-8095-5
USN-8100-1
USN-8125-1
USN-8126-1
USN-8165-1
USN-8261-1

Affected Products

Almalinux
Centos
Debian
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu