CVE-2025-38013
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request
Make sure that n_channels is set after allocating the struct cfg80211_registered_device::int_scan_req member. Seen with syzkaller:
UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:1208:5 index 0 is out of range for type 'struct ieee80211_channel *[] __counted_by(n_channels)' (aka 'struct ieee80211_channel *[]')
This was missed in the initial conversions because I failed to locate the allocation likely due to the "sizeof(void *)" not matching the "channels" array type.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 6.6 | 6.6.92 |
| linux / linux_kernel | 6.7 | 6.12.30 |
| linux / linux_kernel | 6.13 | 6.14.8 |
| linux / linux_kernel | 6.15-rc1 | 6.15-rc1.x |
| linux / linux_kernel | 6.15-rc2 | 6.15-rc2.x |
| linux / linux_kernel | 6.15-rc3 | 6.15-rc3.x |
| linux / linux_kernel | 6.15-rc4 | 6.15-rc4.x |
| linux / linux_kernel | 6.15-rc5 | 6.15-rc5.x |
| linux / linux_kernel | 6.15-rc6 | 6.15-rc6.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime