34 matches found
CVE-2026-53258
In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev-intscanreq is leaked if cfg80211scan fails. Note that it's supposed to be released at cfg80211scandone but this doesn't happen as rdev-scanreq is NULL at that point, too, leading ...
CVE-2026-53258
CVE-2026-53258 affects the Linux kernel WiFi stack: when a 6 GHz split scan fails, rdev->int_scan_req is leaked because cfg80211_scan() fails before ___cfg80211_scan_done() releases it. The leak is observed in kernel mode tracing (kmemleak) and is associated with a wpa_supplicant process in th...
CVE-2026-45255
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...
CVE-2026-45255
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...
EUVD-2026-31263
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...
CVE-2026-45255 Remote code execution via installer Wi-Fi access point scans
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...
FreeBSD-SA-26:23.bsdinstall
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:23.bsdinstall Security Advisory The FreeBSD Project Topic: Remote code execution via installer Wi-Fi access point scans Category: core Module: bsdinstall...
FreeBSD -- Remote code execution via installer Wi-Fi access point scans
Problem Description: When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to...
CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal
LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...
CVE-2025-48599
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-201759
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48599
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48599
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48599
The CVE-2025-48599 entry concerns the WifiScanModeActivity.java code path, where a missing permission check could allow local escalation of privilege. Multiple connected sources (Red Hat CVE page, ENISA EUVD entry, CNNVD, NVD, and OSV/CVE lists) describe the issue as a local privilege elevation w...
ASB-A-299633613
In multiple functions of WifiScanModeActivity.java, there is a possible way to bypass a device config restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990166)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990166 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211wextsiwscan', add extra check...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989712)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989712 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211wextsiwscan', add extra check...
CVE-2022-20537
In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is...
UBUNTU-CVE-2024-56539
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy field-spanning write warning in mwifiexconfigscan Replace one-element array with a flexible-array member in struct mwifiexietypeswildcardssidparams to fix the following warning on a MT8173 Chromebook...
PT-2024-33847
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: A vulnerability in the Linux kernel has been fixed, involving the mwifiex WiFi driver. The issue was a memcpy field-spanning write warning in the mwifiex cmd 802 11 scan ext function. This...