13 matches found
CVE-2025-71100 wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc()
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less than MAX_TID_COUNT. Otherwise, UBSAN warn: UBSAN:...
CVE-2023-43520
Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE...
kernel: wifi: ath12k: Decrement TID on RX peer frag setup error handling
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during error handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to out-of-bounds access in peer->rx_tid...
wifi: iwlwifi: mvm: ensure offloading TID queue exists
...
CVE-2025-39761
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during error handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to out-of-bounds access in peer->rx_tid...
CVE-2025-39750
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Correct tid cleanup when tid setup fails Currently, if any error occurs during ath12k_dp_rx_peer_tid_setup(), the tid value is already incremented, even though the corresponding TID is not actually allocated. Proceed to...
UBUNTU-CVE-2025-39761
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during error handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to out-of-bounds access in peer->rx_tid...
CVE-2025-39761
CVE-2025-39761 pertains to the Linux kernel wifi driver ath12k. The issue arises when RX peer frag setup errors occur: TID is not decremented before cleaning up peer state, risking an out-of-bounds access in peer->rx_tid[]. The advisory states that a decrement operation on TID before peer clea...
kernel: wifi: iwlwifi: mvm: ensure offloading TID queue exists
A vulnerability was found in the Linux kernel's iwlwifi driver for Intel wireless devices. This issue occurs when the system attempts to sync the TX queue for an offloading TID during resume, but the queue is not allocated if no packets have been sent on TID 0...
kernel: wifi: iwlwifi: mvm: ensure offloading TID queue exists
A vulnerability was found in the Linux kernel's iwlwifi driver for Intel wireless devices. This issue occurs when the system attempts to sync the TX queue for an offloading TID during resume, but the queue is not allocated if no packets have been sent on TID 0...
AZL-67493 CVE-2024-27056 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: ensure offloading TID queue exists The resume code path assumes that the TX queue for the offloading TID has been configured. At resume time it then tries to sync the write pointer as it may have been updated ...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when verifying a TID to link mapping operation request frame when the station is connected to an access point...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption when verifying a TID to link mapping operation request frame when the station is connected to an access point...