{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-37973","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:23.975Z","datePublished":"2025-05-20T16:47:19.074Z","dateUpdated":"2026-05-11T21:18:49.271Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:18:49.271Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation\n\nCurrently during the multi-link element defragmentation process, the\nmulti-link element length added to the total IEs length when calculating\nthe length of remaining IEs after the multi-link element in\ncfg80211_defrag_mle(). This could lead to out-of-bounds access if the\nmulti-link element or its corresponding fragment elements are the last\nelements in the IEs buffer.\n\nTo address this issue, correctly calculate the remaining IEs length by\ndeducting the multi-link element end offset from total IEs end offset."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/wireless/scan.c"],"versions":[{"version":"2481b5da9c6b2ee1fde55a1c29eb2ca377145a10","lessThan":"73dde269a1a43e6b1aa92eba13ad2df58bfdd38e","status":"affected","versionType":"git"},{"version":"2481b5da9c6b2ee1fde55a1c29eb2ca377145a10","lessThan":"9423f6da825172b8dc60d4688ed3d147291c3be9","status":"affected","versionType":"git"},{"version":"2481b5da9c6b2ee1fde55a1c29eb2ca377145a10","lessThan":"e1c6d0c6199bd5f4cfc7a66ae7032b6e805f904d","status":"affected","versionType":"git"},{"version":"2481b5da9c6b2ee1fde55a1c29eb2ca377145a10","lessThan":"023c1f2f0609218103cbcb48e0104b144d4a16dc","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/wireless/scan.c"],"versions":[{"version":"6.5","status":"affected"},{"version":"0","lessThan":"6.5","status":"unaffected","versionType":"semver"},{"version":"6.6.91","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.29","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.14.7","lessThanOrEqual":"6.14.*","status":"unaffected","versionType":"semver"},{"version":"6.15","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.6.91"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.12.29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.14.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.5","versionEndExcluding":"6.15"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/73dde269a1a43e6b1aa92eba13ad2df58bfdd38e"},{"url":"https://git.kernel.org/stable/c/9423f6da825172b8dc60d4688ed3d147291c3be9"},{"url":"https://git.kernel.org/stable/c/e1c6d0c6199bd5f4cfc7a66ae7032b6e805f904d"},{"url":"https://git.kernel.org/stable/c/023c1f2f0609218103cbcb48e0104b144d4a16dc"}],"title":"wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation","x_generator":{"engine":"bippy-1.2.0"}}}}