Unrated severityNVD Advisory· Published Aug 22, 2025· Updated Sep 29, 2025
wifi: rtw89: mcc: prevent shift wrapping in rtw89_core_mlsr_switch()
CVE-2025-38657
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: mcc: prevent shift wrapping in rtw89_core_mlsr_switch()
The "link_id" value comes from the user via debugfs. If it's larger than BITS_PER_LONG then that would result in shift wrapping and potentially an out of bounds access later. In fact, we can limit it to IEEE80211_MLD_MAX_NUM_LINKS (15).
Fortunately, only root can write to debugfs files so the security impact is minimal.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.