Impact
A mismatch between HE/EHT capability settings and operational parameters in the Linux kernel’s cfg80211 wireless subsystem can cause a null pointer dereference that triggers a kernel panic. This flaw represents a failure to validate error conditions (CWE‑390). The resulting crash stops the system, requiring a reboot and rendering the machine unavailable until the issue is fixed.
Affected Systems
All Linux kernel releases that expose the Wi‑Fi stack before the fix are affected, regardless of distribution. The vulnerability originates in the cfg80211 implementation that processes HE/EHT capability data, so any kernel configured to handle Wi‑Fi traffic and that does not include the consistency enforcement patch is at risk.
Risk and Exploitability
The CVSS base score of 5.5 and an EPSS score of less than 1% indicate moderate severity and a low likelihood of widespread exploitation. It is not listed in the CISA KEV catalog. The event is most likely triggered by an attacker delivering a malformed Wi‑ frame that contains inconsistent HE/EHT elements; this inference is based on how the kernel processes capability data. Exploitation can occur locally or remotely if the wireless interface is exposed to untrusted networks.
OpenCVE Enrichment