{
  "threat_severity" : "Moderate",
  "public_date" : "2025-09-19T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: wifi: cfg80211: fix use-after-free in cmp_bss()",
    "id" : "2396934",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2396934"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: cfg80211: fix use-after-free in cmp_bss()\nFollowing bss_free() quirk introduced in commit 776b3580178f\n(\"cfg80211: track hidden SSID networks properly\"), adjust\ncfg80211_update_known_bss() to free the last beacon frame\nelements only if they're not shared via the corresponding\n'hidden_beacon_bss' pointer.", "A use after free vulnerbility  exists in the linux kernel wifi module in the cmp_bss() function,an attacker could create a crafted payload to trigger, leading to damage availability and integrity of the system" ],
  "statement" : "A use-after-free issue was discovered in the cfg80211 subsystem, caused by freeing beacon_ies structures even when they were still referenced through hidden_beacon_bss.\nExploitation requires local access with capabilities to manage Wi-Fi interfaces (e.g., via nl80211) and is unlikely under normal conditions.\nThe vulnerability could theoretically lead to kernel memory corruption or privilege escalation, though the trigger is complex.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-10T00:00:00Z",
    "advisory" : "RHSA-2025:19962",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "kernel-0:6.12.0-55.43.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-17T00:00:00Z",
    "advisory" : "RHSA-2025:21463",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.11.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19440",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.82.1.rt7.423.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2025-11-03T00:00:00Z",
    "advisory" : "RHSA-2025:19447",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.82.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23445",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.178.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-12-04T00:00:00Z",
    "advisory" : "RHSA-2025:22752",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.179.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-12-04T00:00:00Z",
    "advisory" : "RHSA-2025:22752",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.179.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21084",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.168.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21084",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.168.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21084",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.168.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21083",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.118.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2025-11-12T00:00:00Z",
    "advisory" : "RHSA-2025:21083",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.118.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-12-01T00:00:00Z",
    "advisory" : "RHSA-2025:22405",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.11.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-12-01T00:00:00Z",
    "advisory" : "RHSA-2025:22405",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.11.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23426",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.158.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23424",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.158.1.rt21.230.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23423",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.150.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23422",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.150.1.rt14.435.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2025-12-17T00:00:00Z",
    "advisory" : "RHSA-2025:23450",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.103.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2025-12-01T00:00:00Z",
    "advisory" : "RHSA-2025:22392",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "kernel-0:5.14.0-570.69.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-39864\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-39864\nhttps://lore.kernel.org/linux-cve-announce/2025091906-CVE-2025-39864-a3a2@gregkh/T" ],
  "name" : "CVE-2025-39864",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}