CVE-2026-53258

The CVE describes a memory leak in the Linux kernel wlan 6 GHz scanning path. Root cause: rdev->int_scan_req is leaked when cfg80211_scan() fails, because the expected release at ___cfg80211_scan_done() doesn’t occur since rdev->scan_req is NULL at that point, causing the freeing function t...

CVE-2026-45255

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

CVE-2026-45255

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

CVE-2026-45255 Remote code execution via installer Wi-Fi access point scans

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

EUVD-2026-31263

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

FreeBSD-SA-26:23.bsdinstall

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:23.bsdinstall Security Advisory The FreeBSD Project Topic: Remote code execution via installer Wi-Fi access point scans Category: core Module: bsdinstall...

FreeBSD -- Remote code execution via installer Wi-Fi access point scans

Problem Description: When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to...

CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

CVE-2025-48599

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2025-201759

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48599

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48599

The CVE-2025-48599 entry concerns the WifiScanModeActivity.java code path, where a missing permission check could allow local escalation of privilege. Multiple connected sources (Red Hat CVE page, ENISA EUVD entry, CNNVD, NVD, and OSV/CVE lists) describe the issue as a local privilege elevation w...

CVE-2025-48599

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ASB-A-299633613

In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990166)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990166 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211wextsiwscan', add extra check...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989712)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989712 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211wextsiwscan', add extra check...

CVE-2022-20537

In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is...

UBUNTU-CVE-2024-56539

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexconfigscan Replace one-element array with a flexible-array member in struct mwifiexietypeswildcardssidparams to fix the following warning on a MT8173 Chromebook...

PT-2024-33847

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: A vulnerability in the Linux kernel has been fixed, involving the mwifiex WiFi driver. The issue was a memcpy field-spanning write warning in the mwifiex cmd 802 11 scan ext function. This...

DEBIAN-CVE-2024-41072

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211wextsiwscan', add extra check whether number of channels passed via 'ioctlsock, SIOCSIWSCAN, ...' doesn't exceed IWMAXFREQUENCIES and reject invalid request with...