AZL-77880

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77880.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-77880

Upstream

CVE-2025-71227

Published

2026-02-18T15:18:40Z

Modified

2026-04-21T04:34:20.906903Z

Summary

CVE-2025-71227 affecting package kernel 6.6.126.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: don't WARN for connections on invalid channels

It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (channel is checked to be usable by cfg80211getieschannelnumber) and connecting on the channel later.

With one scenario that isn't covered elsewhere described above, the warning isn't good, replace it with a (more informative) error message.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-71227

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

6.6.126.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77880.json"