CVE-2025-71222

N/A Unknown

📋 TL;DR

A buffer underflow vulnerability in the Linux kernel's wlcore WiFi driver could cause kernel panics when transmitting network packets. This affects systems using wlcore-based wireless chipsets (like wl1271/wl128x) with insufficient skb headroom. The vulnerability can lead to denial of service but doesn't appear to enable arbitrary code execution.

💻 Affected Systems

Products:
  • Linux kernel with wlcore driver
Versions: Linux kernel versions containing vulnerable wlcore driver code (specific versions not specified in CVE)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using wlcore-based WiFi hardware (TI wl12xx/wl18xx chipsets). Systems without these chipsets or with WiFi disabled are not vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and denial of service, potentially requiring physical access to restart affected systems.

🟠 Likely Case: Occasional system crashes or instability when WiFi is heavily used, particularly with certain packet sizes or configurations.

🟢 If Mitigated: Minor performance impact or no noticeable effect if patched or workarounds applied.

🌐 Internet-Facing: LOW - Requires local network access and specific WiFi chipset usage; not directly exploitable from internet.
🏢 Internal Only: MEDIUM - Could cause service disruption on affected internal systems using vulnerable WiFi drivers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger specific WiFi packet transmission conditions. No public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel with commits 689a7980e4788e13e766763d53569fb78dea2513 and related fixes

Vendor Advisory: https://git.kernel.org/stable/c/689a7980e4788e13e766763d53569fb78dea2513

Restart Required: Yes

Instructions:

  1. Update Linux kernel to version containing the fix.
  2. Rebuild kernel if compiling from source.
  3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable vulnerable WiFi interface

all

Temporarily disable wlcore-based WiFi to prevent exploitation. Replace wlan0 with the name of the wlcore-backed interface on your system if it differs:

    sudo ip link set wlan0 down
    sudo rfkill block wifi

Use wired networking

all

Switch to Ethernet connection instead of WiFi

🧯 If You Can't Patch

  • Disable WiFi functionality on affected systems
  • Implement network segmentation to limit WiFi traffic to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Check whether the system uses the wlcore driver and note the kernel version:

    lsmod | grep wlcore
    uname -r

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes fix commits or is newer than vulnerable versions

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages mentioning skb_under_panic
  • System crash logs with wl1271_tx_work stack traces
  • dmesg errors related to wlcore or WiFi

Network Indicators:

  • Sudden WiFi disconnections
  • Unusual packet loss on WiFi interfaces

SIEM Query:

source="kernel" AND ("skb_under_panic" OR "wl1271_tx_work" OR "wlcore")
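
The SIEM query above matches on any one of its three terms, so every log line that merely mentions wlcore is a hit. The following triage helper is an added example, not part of the advisory or of the kernel project: it separates the crash signature (skb_under_panic together with a wl1271_tx_work frame) from lines that only mention the driver, and checks whether the wlcore module is loaded. The function names and verdict strings are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example; the log lines in sample_klog are constructed, not captured.

# wlcore_loaded [FILE]: true if a /proc/modules-format FILE lists wlcore.
# Matches the module name exactly, so wlcore_sdio alone does not count.
wlcore_loaded() {
    awk '$1 == "wlcore" { found = 1 } END { exit !found }' "${1:-/proc/modules}"
}

# classify_klog: read kernel log text on stdin and print one verdict.
#   crash         skb_under_panic and wl1271_tx_work both present
#   partial       only one of the two crash indicators present
#   driver-noise  wlcore mentioned, no crash indicator
#   clean         none of the indicators present
classify_klog() {
    awk '
        /skb_under_panic/ { panic = 1 }
        /wl1271_tx_work/  { txwork = 1 }
        /wlcore/          { drv = 1 }
        END {
            if (panic && txwork)      print "crash"
            else if (panic || txwork) print "partial"
            else if (drv)             print "driver-noise"
            else                      print "clean"
        }'
}

# sample_klog KIND: constructed kernel log excerpts for the demo below.
sample_klog() {
    case "$1" in
    crash) cat <<'EOF'
kernel: skbuff: skb_under_panic: (constructed sample line)
kernel:  wl1271_tx_work+0x0/0x0 [wlcore] (constructed sample line)
EOF
    ;;
    noise) cat <<'EOF'
kernel: wlcore: (constructed sample: routine driver message)
EOF
    ;;
    esac
}

for kind in crash noise; do
    printf '%s -> %s\n' "$kind" "$(sample_klog "$kind" | classify_klog)"
done
```

On a live host, feed it the kernel log, for example `dmesg | classify_klog` or `journalctl -k | classify_klog`, and call `wlcore_loaded` with no argument to read /proc/modules.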
