CVE-2025-21905: wifi: iwlwifi: limit printed string from FW file
First published: Tue Apr 01 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=5.2<5.4.291 | |
| Linux Kernel | >=5.5<5.10.235 | |
| Linux Kernel | >=5.11<5.15.179 | |
| Linux Kernel | >=5.16<6.1.131 | |
| Linux Kernel | >=6.2<6.6.83 | |
| Linux Kernel | >=6.7<6.12.19 | |
| Linux Kernel | >=6.13<6.13.7 | |
| Linux Kernel | =6.14-rc1 | |
| Linux Kernel | =6.14-rc2 | |
| Linux Kernel | =6.14-rc3 | |
| Linux Kernel | =6.14-rc4 | |
| Linux Kernel | =6.14-rc5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/38f0d398b6d7640d223db69df022c4a232f24774
- https://git.kernel.org/stable/c/c0e626f2b2390472afac52dfe72b29daf9ed8e1d
- https://git.kernel.org/stable/c/47616b82f2d42ea2060334746fed9a2988d845c9
- https://git.kernel.org/stable/c/88ed69f924638c7503644e1f8eed1e976f3ffa7a
- https://git.kernel.org/stable/c/b02f8d5a71c8571ccf77f285737c566db73ef5e5
- https://git.kernel.org/stable/c/f265e6031d0bc4fc40c4619cb42466722b46eaa9
- https://git.kernel.org/stable/c/59cdda202829d1d6a095d233386870a59aff986f
- https://git.kernel.org/stable/c/e0dc2c1bef722cbf16ae557690861e5f91208129
Frequently Asked Questions
What is the severity of CVE-2025-21905?
CVE-2025-21905 has been classified as a moderate severity vulnerability in the Linux kernel.
How do I fix CVE-2025-21905?
To fix CVE-2025-21905, update the Linux kernel to a version that has addressed this vulnerability, specifically versions beyond those listed affected.
Which versions of the Linux kernel are affected by CVE-2025-21905?
CVE-2025-21905 affects multiple versions of the Linux kernel, specifically those between 5.2 and 6.14-rc5.
What type of vulnerability is CVE-2025-21905?
CVE-2025-21905 is a vulnerability related to improper string termination in the iwlwifi driver, which may lead to reading beyond buffer boundaries.
Is there a workaround for CVE-2025-21905?
While the recommended method to mitigate CVE-2025-21905 is to update the kernel, no specific workarounds have been documented.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/source
- agent/author
- agent/tags
- agent/remedy
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- collector/nvd-api
- source/NVD
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.2
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- version/linux kernel/6.13
- version/linux kernel/6.14-rc1
- version/linux kernel/6.14-rc2
- version/linux kernel/6.14-rc3
- version/linux kernel/6.14-rc4
- version/linux kernel/6.14-rc5