2440641 – (CVE-2025-71227) CVE-2025-71227 kernel: wifi: mac80211: don't WARN for connections on invalid channels

Bug 2440641 (CVE-2025-71227) - CVE-2025-71227 kernel: wifi: mac80211: don't WARN for connections on invalid channels

Summary: CVE-2025-71227 kernel: wifi: mac80211: don't WARN for connections on invalid ...

Keywords:
Status:	NEW
Alias:	CVE-2025-71227
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-18 15:03 UTC by OSIDB Bzimport
Modified:	2026-02-20 20:09 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-18 15:03:24 UTC

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: don't WARN for connections on invalid channels

It's not clear (to me) how exactly syzbot managed to hit this,
but it seems conceivable that e.g. regulatory changed and has
disabled a channel between scanning (channel is checked to be
usable by cfg80211_get_ies_channel_number) and connecting on
the channel later.

With one scenario that isn't covered elsewhere described above,
the warning isn't good, replace it with a (more informative)
error message.

Comment 1 Alexander B 2026-02-18 17:52:27 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026021859-CVE-2025-71227-949c@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.