Linux Kernel ath11k Buffer Overflow Vulnerability in Active Probe SSID and BSSID Handling

Vulnerability

A buffer overflow vulnerability has been identified in the Linux kernel's ath11k wireless driver. This issue arises from a mismatch between the reported maximum number of SSIDs for active probe requests and the actual capacity of the scan request parameters structure. The driver reports a maximum of 16 SSIDs, while the structure can only hold 10. This discrepancy allows for a buffer overflow that can be triggered by wpa_supplicant in userspace. The vulnerability occurs when the SSIDs are copied into the scan request parameters, potentially overwriting important data such as the extra IE pointer.
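The mismatch described above, and the bounds check that closes it, shown as an added example; this is not the ath11k driver's code. All struct, macro and function names and the field layout are hypothetical, and only the 16-versus-10 figures come from the advisory.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical names and layout; only the 16-vs-10 mismatch is from the advisory. */
#define ADVERTISED_MAX_SSIDS 16  /* limit reported to userspace */
#define PARAMS_SSID_SLOTS    10  /* slots the parameter struct really has */
#define SSID_MAX_LEN         32

struct ssid_entry { uint8_t len; uint8_t ssid[SSID_MAX_LEN]; };

struct scan_params {
    uint32_t num_ssids;
    struct ssid_entry ssid[PARAMS_SSID_SLOTS];
    const uint8_t *extra_ie;     /* assumed to follow the array in memory */
};

/* Limit to advertise: never more than the struct can hold. */
static unsigned int safe_advertised_max(void)
{
    return ADVERTISED_MAX_SSIDS < PARAMS_SSID_SLOTS ? ADVERTISED_MAX_SSIDS : PARAMS_SSID_SLOTS;
}

/* Copy n requested SSIDs; returns 0 on success, -1 if the request does not fit.
 * The flawed pattern is this same loop without the two checks. */
static int fill_scan_ssids(struct scan_params *p,
                           const struct ssid_entry *req, unsigned int n)
{
    unsigned int i;
    if (n > PARAMS_SSID_SLOTS)          /* bound by real capacity */
        return -1;
    for (i = 0; i < n; i++) {
        if (req[i].len > SSID_MAX_LEN)  /* bound each SSID length too */
            return -1;
        p->ssid[i].len = req[i].len;
        memcpy(p->ssid[i].ssid, req[i].ssid, req[i].len);
    }
    p->num_ssids = n;
    return 0;
}

int main(void)
{
    static const uint8_t ie[] = { 0xdd, 0x00 };  /* constructed sample IE */
    struct ssid_entry req[ADVERTISED_MAX_SSIDS] = { { 0 } };
    struct scan_params p = { 0, { { 0 } }, ie };
    int over = fill_scan_ssids(&p, req, 16);     /* rejected */
    int fits = fill_scan_ssids(&p, req, 10);     /* accepted */
    return (over == -1 && fits == 0 && p.extra_ie == ie) ? 0 : 1;
}
```

Either measure alone closes the gap: advertising no more than the structure holds, or rejecting oversized requests at copy time. Doing both keeps the copy safe even if the advertised limit drifts again.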

Impact

Exploiting this vulnerability triggers a buffer overflow, a class of flaw that commonly results in arbitrary code execution or memory corruption.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.