Linux Kernel WiFi Vulnerability: Invalid Channel Connection
CVE-2025-71227
Summary
A Linux kernel weakness was found that could allow a malicious WiFi connection on an invalid channel. This could potentially happen when a device scans for available channels and then tries to connect to one that has been disabled since the scan. To fix this, the Linux kernel has been updated to provide a more informative error message instead of a warning when this happens. Affected users should update their Linux kernel to the latest version to resolve this issue.
Original title
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: don't WARN for connections on invalid channels
It's not clear (to me) how exactly syzbot managed to hit this,
b...
Original description
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: don't WARN for connections on invalid channels
It's not clear (to me) how exactly syzbot managed to hit this,
but it seems conceivable that e.g. regulatory changed and has
disabled a channel between scanning (channel is checked to be
usable by cfg80211_get_ies_channel_number) and connecting on
the channel later.
With one scenario that isn't covered elsewhere described above,
the warning isn't good, replace it with a (more informative)
error message.
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026