CVE-2025-71273
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() Simplify the code by using device managed memory allocations. This also fixes a memory leak in rtw_register_hw(). The supported bands were not freed in the error path. Copied from commit 145df52a8671 ("wifi: rtw89: Convert rtw89_core_set_supported_band to use devm_*").
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-71273
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-71273.html
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/ad9b80ee310ed734482a2e5da874b67f88ac0ef8
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/9b5418070ee8468fac9e8bf641c83d46b85bff30
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/2ba12401cc1f2d970fa2e7d5b15abde3f5abd40d
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/1bd90e0a99fdc8dc5deb3c92bf865e4496b4b311
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | fixed | 6.19.6-1 |
| debian | sid | fixed | 6.19.6-1 |
| debian | trixie | fixed | 6.12.85-1 |
| linux-kernel | affected | 6.12.75 |
References
- https://git.kernel.org/stable/c/1bd90e0a99fdc8dc5deb3c92bf865e4496b4b311
- https://git.kernel.org/stable/c/2ba12401cc1f2d970fa2e7d5b15abde3f5abd40d
- https://git.kernel.org/stable/c/9b5418070ee8468fac9e8bf641c83d46b85bff30
- https://git.kernel.org/stable/c/ad9b80ee310ed734482a2e5da874b67f88ac0ef8
- https://www.suse.com/security/cve/CVE-2025-71273.html
- https://security-tracker.debian.org/tracker/CVE-2025-71273
CWEs
CWE-401
Verify integrity in audit chain (admin only). AS-IS.