CVE - CVE-2025-21905

CVE-ID
CVE-2025-21905	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/38f0d398b6d7640d223db69df022c4a232f24774 URL:https://git.kernel.org/stable/c/38f0d398b6d7640d223db69df022c4a232f24774 MISC:https://git.kernel.org/stable/c/47616b82f2d42ea2060334746fed9a2988d845c9 URL:https://git.kernel.org/stable/c/47616b82f2d42ea2060334746fed9a2988d845c9 MISC:https://git.kernel.org/stable/c/59cdda202829d1d6a095d233386870a59aff986f URL:https://git.kernel.org/stable/c/59cdda202829d1d6a095d233386870a59aff986f MISC:https://git.kernel.org/stable/c/88ed69f924638c7503644e1f8eed1e976f3ffa7a URL:https://git.kernel.org/stable/c/88ed69f924638c7503644e1f8eed1e976f3ffa7a MISC:https://git.kernel.org/stable/c/b02f8d5a71c8571ccf77f285737c566db73ef5e5 URL:https://git.kernel.org/stable/c/b02f8d5a71c8571ccf77f285737c566db73ef5e5 MISC:https://git.kernel.org/stable/c/c0e626f2b2390472afac52dfe72b29daf9ed8e1d URL:https://git.kernel.org/stable/c/c0e626f2b2390472afac52dfe72b29daf9ed8e1d MISC:https://git.kernel.org/stable/c/e0dc2c1bef722cbf16ae557690861e5f91208129 URL:https://git.kernel.org/stable/c/e0dc2c1bef722cbf16ae557690861e5f91208129 MISC:https://git.kernel.org/stable/c/f265e6031d0bc4fc40c4619cb42466722b46eaa9 URL:https://git.kernel.org/stable/c/f265e6031d0bc4fc40c4619cb42466722b46eaa9
Assigning CNA
kernel.org
Date Record Created
20241229	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241229)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)