CVE-2025-39919

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-39919
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39919.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-39919
Downstream
Published
2025-10-01T07:55:14.804Z
Modified
2025-12-05T10:07:34.456815Z
Summary
wifi: mt76: mt7996: add missing check for rx wcid entries
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7996: add missing check for rx wcid entries

Non-station wcid entries must not be passed to the rx functions. In case of the global wcid entry, it could even lead to corruption in the wcid array due to pointer being casted to struct mt7996stalink using container_of.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39919.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7464b12b7d92b9641d4664735b9f3c3f0b6173d9
Fixed
69dcc19048fcdc3fb166fd25b805470ee8fc0eb1
Fixed
4a522b01e368eec58d182ecc47d24f49a39e440d

Affected versions

v6.*

v6.14
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.16.1
v6.16.2
v6.16.3
v6.16.4
v6.16.5
v6.17-rc1
v6.17-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39919.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.15.0
Fixed
6.16.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-39919.json"