VDB
DEBIAN-CVE-2025-21905
DEBIAN-CVE-2025-21905
PUBLISHED
CVSS 7.099999904632568 HIGH
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have.
Risk Scores
CVSS v3.1
7.099999904632568
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 0, 0 |
| Debian:11 | linux | 5.10.158-2, 0, 5.10.103-1 |
| Debian:11 | linux-6.1 | 6.1.128-1~deb11u1, 6.1.119-1~deb11u1, * |
| Debian:14 | linux | 0, 0 |
| Debian:12 | linux | 6.1.55-1, 6.1.55-1~bpo11+1, 6.1.64-1 |
Timeline
- Apr 1, 2025 CVE Published
- Apr 28, 2026 CVE Updated