Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.2, < 5.4.291 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/38f0d398b6d7640d223db69df022c4a232f24774Patch
- https://git.kernel.org/stable/c/47616b82f2d42ea2060334746fed9a2988d845c9Patch
- https://git.kernel.org/stable/c/59cdda202829d1d6a095d233386870a59aff986fPatch
- https://git.kernel.org/stable/c/88ed69f924638c7503644e1f8eed1e976f3ffa7aPatch
- https://git.kernel.org/stable/c/b02f8d5a71c8571ccf77f285737c566db73ef5e5Patch
- https://git.kernel.org/stable/c/c0e626f2b2390472afac52dfe72b29daf9ed8e1dPatch
- https://git.kernel.org/stable/c/e0dc2c1bef722cbf16ae557690861e5f91208129Patch
- https://git.kernel.org/stable/c/f265e6031d0bc4fc40c4619cb42466722b46eaa9Patch
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
FAQ
What is CVE-2025-21905?
CVE-2025-21905 is a vulnerability with a CVSS score of 7.1 (HIGH). In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so read...
How severe is CVE-2025-21905?
CVE-2025-21905 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-21905?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.