PT-2025-9969 · Linux+7 · Linux Kernel+7

Published

2025-01-02

·

Updated

2026-04-20

·

CVE-2025-21828

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A issue in the Linux kernel has been identified where the wifi mac80211 module may crash when trying to flush a non-uploaded station. This occurs when the station's state is pre-moved to AUTHORIZED, such as in IBSS scenarios, and insertion fails, causing the station to be freed without the driver being aware of it.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

ALSA-2025:20095
ALSA-2025:20518
BDU:2025-11983
CVE-2025-21828
INFSA-2025_20518
OESA-2025-1339
OESA-2025-1340
OPENSUSE-SU-2025_1177-1
OPENSUSE-SU-2025_1178-1
OPENSUSE-SU-2025_1180-1
RHSA-2025:20095
RHSA-2025:20518
RHSA-2025_20518
SUSE-SU-2025:01919-1
SUSE-SU-2025:1177-1
SUSE-SU-2025:1178-1
SUSE-SU-2025:1180-1
SUSE-SU-2025:20190-1
SUSE-SU-2025:20192-1
SUSE-SU-2025:20260-1
SUSE-SU-2025:20270-1
SUSE-SU-2025_1177-1
SUSE-SU-2025_1178-1
SUSE-SU-2025_1180-1
USN-7521-1
USN-7521-2
USN-7521-3
USN-7651-1
USN-7651-2
USN-7651-3
USN-7651-4
USN-7651-5
USN-7651-6
USN-7652-1
USN-7653-1
USN-7737-1

Affected Products

Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu