Linux Kernel mac80211 Use-After-Free Vulnerability in ieee80211_scan_rx

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's mac80211 component, specifically within the ieee80211_scan_rx() function. This vulnerability arises because ieee80211_scan_rx() accesses scan_req->flags after performing a null check, leading to a use-after-free condition. The issue occurs when a scan is completed, and __ieee80211_scan_completed() is executed, which frees the scan_req. To address this, the function should ensure that scan_req is not accessed from an RCU read critical section before calling cfg80211_scan_done().

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, potentially allowing for arbitrary code execution or memory corruption.

Added: Jun 18, 2025, 10:29 PM

Updated: Jun 18, 2025, 10:29 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel mac80211 Use-After-Free Vulnerability in ieee80211_scan_rx

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating