CVE-2025-71224
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only present after JOIN_OCB.
RX may run before JOIN_OCB is executed, in which case the OCB interface is not operational. Skip RX peer handling when the interface is not joined to avoid warnings in the RX path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's mac80211 OCB implementation, a missing interface-joined check can cause a warning when RX runs before JOIN_OCB.
Vulnerability Description
The vulnerability resides in the Linux kernel's mac80211 subsystem, specifically in the OCB (Outside the Context of a BSS) mode for wireless interfaces. The function ieee80211_ocb_rx_no_sta() assumes a valid channel context is always present, but that context is only established after a JOIN_OCB command has been executed. If an RX packet arrives before the interface has joined an OCB channel, the function can trigger a kernel warning or potentially other undefined behavior due to the missing context [1].
Exploitation Conditions
An attacker within radio range of a system with an OCB-capable wireless interface could trigger this vulnerability by sending a frame to the interface before the system has joined an OCB channel. This requires no authentication or special access; the frame simply needs to arrive during the brief window between interface initialization and the JOIN_OCB operation. In practice, this window is small but can be reliably triggered by a local attacker [1][2].
Impact
Successful exploitation could lead to a kernel warning in ieee80211_ocb_rx_no_sta() that may degrade system performance or, in some configurations, lead to a denial of service due to repeated warning printk calls. The impact is limited to a warning and does not appear to allow code execution or privilege escalation [1].
Mitigation
The fix, which introduces a check to skip RX peer handling when the interface is not joined, has been applied in the kernel stable tree as commit 8fd1c63e01 and is part of subsequent stable releases. Systems applying the latest updates are protected. No workaround is available; applying the kernel patch is the recommended action [1][2].
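The ordering problem and the guard described above, as a simplified user-space C model added here (not the kernel's code or the actual patch). The struct, field and function names are hypothetical, and the `warnings` counter stands in for the kernel warning in the RX path.

```c
/* Simplified user-space model; all names are hypothetical, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct chan_ctx { int center_freq_mhz; };

struct ocb_iface {
    bool joined;               /* set by join, cleared by leave */
    struct chan_ctx *chanctx;  /* valid only while joined */
    unsigned warnings;         /* stands in for a warning in the kernel log */
    unsigned peers;            /* peers learned from received frames */
};

static void ocb_join(struct ocb_iface *i, struct chan_ctx *c) { i->chanctx = c; i->joined = true; }
static void ocb_leave(struct ocb_iface *i) { i->joined = false; i->chanctx = NULL; }

/* Before the fix: peer handling runs for every received frame and
 * warns when the channel context it relies on is missing. */
static bool rx_no_sta_before_fix(struct ocb_iface *i)
{
    if (i->chanctx == NULL) {
        i->warnings++;         /* one warning per early frame in this model */
        return false;
    }
    i->peers++;
    return true;
}

/* After the fix: frames seen while not joined are skipped quietly,
 * before the channel context is ever looked at. */
static bool rx_no_sta_after_fix(struct ocb_iface *i)
{
    if (!i->joined)
        return false;
    return rx_no_sta_before_fix(i);
}

int main(void)
{
    struct chan_ctx ch = { 5900 };            /* constructed sample value */
    struct ocb_iface old = {0}, fixed = {0};

    for (int n = 0; n < 3; n++) { rx_no_sta_before_fix(&old); rx_no_sta_after_fix(&fixed); }
    printf("warnings before join: old=%u fixed=%u\n", old.warnings, fixed.warnings);
    ocb_join(&old, &ch); ocb_join(&fixed, &ch);
    rx_no_sta_before_fix(&old); rx_no_sta_after_fix(&fixed);
    printf("peers after join: old=%u fixed=%u\n", old.peers, fixed.peers);
    ocb_leave(&fixed);
    return 0;
}
```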
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
References
- git.kernel.org/stable/c/536447521b3b9be1975c7f1db9054bdf2ab779cb (nvd)
- git.kernel.org/stable/c/8fd1c63e016893b7f6c1cf799410da4eaa98c090 (nvd)
- git.kernel.org/stable/c/b04c75366a5471ae2dd7f4c33b7f1e2c08b9b32d (nvd)
- git.kernel.org/stable/c/e0bd226804f8e0098711042c93d64f3b720b36c0 (nvd)
- git.kernel.org/stable/c/fcc768760df08337525cde28e8460e36f9855af8 (nvd)
- git.kernel.org/stable/c/ff4071c60018a668249dc6a2df7d16330543540e (nvd)
- git.kernel.org/stable/c/ffe1e19c3b0e5b9eb9e04fad4bce7d1dc407fd77 (nvd)