CVE-2025-71224 - Vulnerability Details

- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: ocb: skip rx_no_sta when interface is not joined

ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only
present after JOIN_OCB.

RX may run before JOIN_OCB is executed, in which case the OCB interface
is not operational. Skip RX peer handling when the interface is not
joined to avoid warnings in the RX path.

Published: 2026-02-14

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`239281f803e2efdb77d906ef296086b6917e5d71`	affected	< fcc768760df08337525cde28e8460e36f9855af8
`239281f803e2efdb77d906ef296086b6917e5d71`	affected	< b04c75366a5471ae2dd7f4c33b7f1e2c08b9b32d
`239281f803e2efdb77d906ef296086b6917e5d71`	affected	< 8fd1c63e016893b7f6c1cf799410da4eaa98c090
`239281f803e2efdb77d906ef296086b6917e5d71`	affected	< ffe1e19c3b0e5b9eb9e04fad4bce7d1dc407fd77
`239281f803e2efdb77d906ef296086b6917e5d71`	affected	< 536447521b3b9be1975c7f1db9054bdf2ab779cb
`239281f803e2efdb77d906ef296086b6917e5d71`	affected	< e0bd226804f8e0098711042c93d64f3b720b36c0
`239281f803e2efdb77d906ef296086b6917e5d71`	affected	< ff4071c60018a668249dc6a2df7d16330543540e

Linux

affected

Version	Status	Constraints
`3.19`	affected	—
`0`	unaffected	< 3.19
`5.10.250`	unaffected	≤ 5.10.*
`5.15.200`	unaffected	≤ 5.15.*
`6.1.163`	unaffected	≤ 6.1.*
`6.6.124`	unaffected	≤ 6.6.*
`6.12.70`	unaffected	≤ 6.12.*
`6.18.10`	unaffected	≤ 6.18.*
`6.19`	unaffected	≤ *

No data.

Vendor	Product	Confidence	Versions
Linux	Linux Kernel	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4498-1	linux security update
Debian DLA	DLA-4499-1	linux-6.1 security update
Debian DSA	DSA-6141-1	linux security update
Debian DSA	DSA-6163-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00051.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/536447521b3b9be1975c7f1db9054bdf2ab779cb
https://git.kernel.org/stable/c/8fd1c63e016893b7f6c1cf799410da4eaa98c090
https://git.kernel.org/stable/c/b04c75366a5471ae2dd7f4c33b7f1e2c08b9b32d
https://git.kernel.org/stable/c/e0bd226804f8e0098711042c93d64f3b720b36c0
https://git.kernel.org/stable/c/fcc768760df08337525cde28e8460e36f9855af8
https://git.kernel.org/stable/c/ff4071c60018a668249dc6a2df7d16330543540e
https://git.kernel.org/stable/c/ffe1e19c3b0e5b9eb9e04fad4bce7d1dc407fd77
https://lore.kernel.org/linux-cve-announce/2026021427-CVE-2025-71224-318e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-71224
https://www.cve.org/CVERecord?id=CVE-2025-71224

History

Mon, 16 Feb 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026021427-CVE-2025-71224-318e@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-71224 https://www.cve.org/CVERecord?id=CVE-2025-71224
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Sat, 14 Feb 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_sta when interface is not joined ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only present after JOIN_OCB. RX may run before JOIN_OCB is executed, in which case the OCB interface is not operational. Skip RX peer handling when the interface is not joined to avoid warnings in the RX path.
Title		wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/536447521b3b9be1975c7f1db9054bdf2ab779cb https://git.kernel.org/stable/c/8fd1c63e016893b7f6c1cf799410da4eaa98c090 https://git.kernel.org/stable/c/b04c75366a5471ae2dd7f4c33b7f1e2c08b9b32d https://git.kernel.org/stable/c/e0bd226804f8e0098711042c93d64f3b720b36c0 https://git.kernel.org/stable/c/fcc768760df08337525cde28e8460e36f9855af8 https://git.kernel.org/stable/c/ff4071c60018a668249dc6a2df7d16330543540e https://git.kernel.org/stable/c/ffe1e19c3b0e5b9eb9e04fad4bce7d1dc407fd77

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-14T16:27:06.752Z

Updated: 2026-02-16T08:58:47.027Z

Reserved: 2026-02-14T16:26:02.969Z

Link: CVE-2025-71224

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-02-14T17:15:54.773

Modified: 2026-04-15T14:34:27.800

Link: CVE-2025-71224

Redhat

Severity : Moderate

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2025-71224 - Bugzilla

OpenCVE Enrichment

Updated: 2026-02-16T09:44:06Z

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object