Updated: 2025-12-01 03:47:16.095418
Description:
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in ieee80211_vif_use_reserved_reassign(). Therefore, we cannot check the old_ctx anymore, so we should set it to NULL after this point. However, since the new_ctx replace state is clearly not IEEE80211_CHANCTX_REPLACES_OTHER, we're not going to do anything else in this function and can just return to avoid accessing the freed old_ctx.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.1 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.1 | HIGH | Released | CLSA-2025:1749568993 | 2025-06-11 00:59:05 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.1 | HIGH | Released | CLSA-2025:1749562017 | 2025-06-11 00:59:06 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.1 | HIGH | Already Fixed | 2025-06-25 02:56:24 |