805 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003330)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003330 advisory. Stack-based buffer overflow in the brcmfcfg80211startap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allo...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002314)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002314 advisory. The ath9khtcsetbssidmask function in drivers/net/wireless/ath/ath9k/htcdrvmain.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set ...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002476)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002476 advisory. Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002008)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002008 advisory. Format string vulnerability in the b43requestfirmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9...
CVE-2025-71100
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cutxfilldesc TID getting from ieee80211gettid might be out of range of array size of staentry-tids, so check TID is less than MAXTIDCOUNT. Othwerwise, UBSAN warn: UBSAN:...
ROS-20260113-7388
A vulnerability in the rtlwifi component of the Linux operating system kernel is related to insufficient blocking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2023-50809
In certain Sonos products before S1 Release 11.12 and S2 release 15.9, the mt7615.ko wireless driver does not properly validate an information element during negotiation of a WPA2 four-way handshake. This lack of validation leads to a stack buffer overflow. This can result in remote code executio...
CVE-2022-38686
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000416)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000416 advisory. An array overflow was discovered in mt76addfragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized...
PT-2026-1322
Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor Exynos 1380 Samsung Mobile Processor Exynos 1480 Samsung Mobile Processor Exynos 2400 Samsung Mobile Processor Exynos 1580 Description A flaw exists in the WiFi driver of Samsung Mobile Processors. Improper handling of...
EUVD-2022-55915
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9khifusbdisconnect This patch fixes a use-after-free in ath9k that occurs in ath9khifusbdisconnect when ath9kdestroywmi is trying to access 'drvpriv' that has already been freed by...
UBUNTU-CVE-2023-54300
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9kwmictrlrx For the reasons also described in commit b383e8abed41 "wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg", ath9khtcrxmsg should validate pktlen before accessing...
UBUNTU-CVE-2023-54229
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range Because of what seems to be a typo, a 6Ghz-only phy for which the BDF does not allow the 7115Mhz channel will fail to register: WARNING: CPU: 2 PID: 1...
UBUNTU-CVE-2022-50881
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix use-after-free in ath9khifusbdisconnect This patch fixes a use-after-free in ath9k that occurs in ath9khifusbdisconnect when ath9kdestroywmi is trying to access 'drvpriv' that has already been freed by...
CVE-2022-50829
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: Fix use-after-free in ath9khifusbregincb It is possible that skb is freed in ath9khtcrxmsg, then usbsubmiturb fails and we try to free skb again. It causes use-after-free bug. Moreover, if allocskb fails,...
CVE-2023-54300
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9kwmictrlrx For the reasons also described in commit b383e8abed41 "wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg", ath9khtcrxmsg should validate pktlen before accessing...
CVE-2022-50880 wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10kstastate When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in below log. It is because for each vdevid and address, it has only one...
CVE-2022-50863
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: free unused skb to prevent memory leak This avoid potential memory leak under power saving mode...
CVE-2022-50784
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone If cloning the SKB fails, don't try to use it, but rather return as if we should pass it. Coverity CID: 1503456...
CVE-2022-50829 wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: Fix use-after-free in ath9khifusbregincb It is possible that skb is freed in ath9khtcrxmsg, then usbsubmiturb fails and we try to free skb again. It causes use-after-free bug. Moreover, if allocskb fails,...