Bug 2396934 (CVE-2025-39864) - CVE-2025-39864 kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
Summary: CVE-2025-39864 kernel: wifi: cfg80211: fix use-after-free in cmp_bss()
Keywords:
Status: NEW
Alias: CVE-2025-39864
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-19 16:02 UTC by OSIDB Bzimport
Modified: 2025-12-04 12:46 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:19440 0 None None None 2025-11-03 09:00:36 UTC
Red Hat Product Errata RHSA-2025:19447 0 None None None 2025-11-03 09:30:41 UTC
Red Hat Product Errata RHSA-2025:19962 0 None None None 2025-11-10 03:49:16 UTC
Red Hat Product Errata RHSA-2025:21083 0 None None None 2025-11-12 05:14:46 UTC
Red Hat Product Errata RHSA-2025:21084 0 None None None 2025-11-12 05:16:50 UTC
Red Hat Product Errata RHSA-2025:21463 0 None None None 2025-11-17 08:14:45 UTC
Red Hat Product Errata RHSA-2025:22392 0 None None None 2025-12-01 09:48:53 UTC
Red Hat Product Errata RHSA-2025:22405 0 None None None 2025-12-01 10:39:06 UTC
Red Hat Product Errata RHSA-2025:22752 0 None None None 2025-12-04 12:46:02 UTC

Description OSIDB Bzimport 2025-09-19 16:02:36 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: fix use-after-free in cmp_bss()

Following bss_free() quirk introduced in commit 776b3580178f
("cfg80211: track hidden SSID networks properly"), adjust
cfg80211_update_known_bss() to free the last beacon frame
elements only if they're not shared via the corresponding
'hidden_beacon_bss' pointer.
Comment 1 Jon Moroney 2025-09-19 16:48:11 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025091906-CVE-2025-39864-a3a2@gregkh/T
Comment 4 errata-xmlrpc 2025-11-03 09:00:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:19440 https://access.redhat.com/errata/RHSA-2025:19440
Comment 5 errata-xmlrpc 2025-11-03 09:30:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:19447 https://access.redhat.com/errata/RHSA-2025:19447
Comment 7 errata-xmlrpc 2025-11-10 03:49:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:19962 https://access.redhat.com/errata/RHSA-2025:19962
Comment 8 errata-xmlrpc 2025-11-12 05:14:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:21083 https://access.redhat.com/errata/RHSA-2025:21083
Comment 9 errata-xmlrpc 2025-11-12 05:16:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:21084 https://access.redhat.com/errata/RHSA-2025:21084
Comment 10 errata-xmlrpc 2025-11-17 08:14:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:21463 https://access.redhat.com/errata/RHSA-2025:21463
Comment 11 errata-xmlrpc 2025-12-01 09:48:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2025:22392 https://access.redhat.com/errata/RHSA-2025:22392
Comment 12 errata-xmlrpc 2025-12-01 10:39:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:22405 https://access.redhat.com/errata/RHSA-2025:22405
Comment 13 errata-xmlrpc 2025-12-04 12:46:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2025:22752 https://access.redhat.com/errata/RHSA-2025:22752
Note You need to log in before you can comment on or make changes to this bug.