Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-71100— wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc()

EPSS 0.02% · P5
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-71100

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so check TID is less than MAX_TID_COUNT. Othwerwise, UBSAN warn: UBSAN: array-index-out-of-bounds in drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c:514:30 index 10 is out of range for type 'rtl_tid_data [9]'
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于rtl92cu_tx_fill_desc函数中未检查TID范围,可能导致数组索引越界。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 8ca4cdef93297c9b9bf08da39bc940bd20acbb94 ~ 9765d6eb8298b07d499cdf9ef7c237d3540102d6 -
LinuxLinux 6.9 -

II. Public POCs for CVE-2025-71100

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-71100

登录查看更多情报信息。

Same Patch Batch · Linux · 2026-01-13 · 93 CVEs total

CVE-2025-710897.8 HIGHiommu: disable SVA when CONFIG_X86 is set
CVE-2025-71067ntfs: set dummy blocksize to read boot_block when mounting
CVE-2025-68822Input: alps - fix use-after-free bugs caused by dev3_register_work
CVE-2025-68820ext4: xattr: fix null pointer deref in ext4_raw_inode()
CVE-2025-68819media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
CVE-2025-68818scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"
CVE-2025-68817ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
CVE-2025-68816net/mlx5: fw_tracer, Validate format string parameters
CVE-2025-68821fuse: fix readahead reclaim deadlock
CVE-2025-71068svcrdma: bound check rq_pages index in inline path
CVE-2025-71076drm/xe/oa: Limit num_syncs to prevent oversized allocations
CVE-2025-71069f2fs: invalidate dentry cache on failed whiteout creation
CVE-2025-71071iommu/mediatek: fix use-after-free on probe deferral
CVE-2025-71070ublk: clean up user copy references on ublk server exit
CVE-2025-71072shmem: fix recovery on rename failures
CVE-2025-71073Input: lkkbd - disable pending work before freeing device
CVE-2025-71074functionfs: fix the open/removal races
CVE-2025-71075scsi: aic94xx: fix use-after-free in device removal path
CVE-2025-71077tpm: Cap the number of PCR banks
CVE-2025-71078powerpc/64s/slb: Fix SLB multihit issue during SLB preload

Showing top 20 of 93 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2025-71100

No comments yet

Leave a comment