Acknowledged
Created: Oct 10, 2025
Updated: Oct 17, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]wifi: mwifiex: Initialize the chan_stats array to zero[EOL][EOL]The adapter->chan_stats[] array is initialized in[EOL]mwifiex_init_channel_scan_gap() with vmalloc(), which doesn't zero out[EOL]memory. The array is filled in mwifiex_update_chan_statistics()[EOL]and then the user can query the data in mwifiex_cfg80211_dump_survey().[EOL][EOL]There are two potential issues here. What if the user calls[EOL]mwifiex_cfg80211_dump_survey() before the data has been filled in.[EOL]Also the mwifiex_update_chan_statistics() function doesn't necessarily[EOL]initialize the whole array. Since the array was not initialized at[EOL]the start that could result in an information leak.[EOL][EOL]Also this array is pretty small. It's a maximum of 900 bytes so it's[EOL]more appropriate to use kcalloc() instead vmalloc().
