Bug 2396934 (CVE-2025-39864)

Summary: CVE-2025-39864 kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A use after free vulnerbility exists in the linux kernel wifi module in the cmp_bss() function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2025-09-19 16:02:36 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: fix use-after-free in cmp_bss()

Following bss_free() quirk introduced in commit 776b3580178f
("cfg80211: track hidden SSID networks properly"), adjust
cfg80211_update_known_bss() to free the last beacon frame
elements only if they're not shared via the corresponding
'hidden_beacon_bss' pointer.
Comment 1 Jon Moroney 2025-09-19 16:48:11 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091906-CVE-2025-39864-a3a2@gregkh/T
Comment 4 errata-xmlrpc 2025-11-03 09:00:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:19440 https://access.redhat.com/errata/RHSA-2025:19440
Comment 5 errata-xmlrpc 2025-11-03 09:30:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:19447 https://access.redhat.com/errata/RHSA-2025:19447
Comment 7 errata-xmlrpc 2025-11-10 03:49:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:19962 https://access.redhat.com/errata/RHSA-2025:19962
Comment 8 errata-xmlrpc 2025-11-12 05:14:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:21083 https://access.redhat.com/errata/RHSA-2025:21083
Comment 9 errata-xmlrpc 2025-11-12 05:16:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:21084 https://access.redhat.com/errata/RHSA-2025:21084
Comment 10 errata-xmlrpc 2025-11-17 08:14:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21463 https://access.redhat.com/errata/RHSA-2025:21463
Comment 11 errata-xmlrpc 2025-12-01 09:48:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:22392 https://access.redhat.com/errata/RHSA-2025:22392
Comment 12 errata-xmlrpc 2025-12-01 10:39:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:22405 https://access.redhat.com/errata/RHSA-2025:22405
Comment 13 errata-xmlrpc 2025-12-04 12:46:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:22752 https://access.redhat.com/errata/RHSA-2025:22752
Comment 15 errata-xmlrpc 2025-12-17 01:11:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:23424 https://access.redhat.com/errata/RHSA-2025:23424
Comment 16 errata-xmlrpc 2025-12-17 01:14:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:23422 https://access.redhat.com/errata/RHSA-2025:23422
Comment 17 errata-xmlrpc 2025-12-17 03:26:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:23426 https://access.redhat.com/errata/RHSA-2025:23426
Comment 18 errata-xmlrpc 2025-12-17 03:41:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:23423 https://access.redhat.com/errata/RHSA-2025:23423
Comment 19 errata-xmlrpc 2025-12-17 07:47:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:23445 https://access.redhat.com/errata/RHSA-2025:23445
Comment 20 errata-xmlrpc 2025-12-17 17:24:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:23450 https://access.redhat.com/errata/RHSA-2025:23450