CVE-2025-39891: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-39891 is a vulnerability discovered in the Linux kernel's Marvell mwifiex WiFi driver, disclosed on October 1, 2025. The issue affects the initialization of the chanstats array in the mwifiexinitchannelscan_gap() function, where vmalloc() is used without properly zeroing out memory (NVD, RedHat).

The vulnerability stems from improper memory initialization in the mwifiex driver. The adapter->chanstats[] array is initialized using vmalloc() which doesn't zero out memory. The array is later filled in mwifiexupdatechanstatistics() and can be queried via mwifiexcfg80211dump_survey(). The array size is approximately 900 bytes, making kcalloc() a more appropriate choice than vmalloc(). The vulnerability has been assigned a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) (RedHat).

The primary impact is a potential information leak of kernel memory. If exploited, an attacker could read residual kernel data through the mwifiexcfg80211dump_survey() function before the array is fully initialized. The vulnerability only affects confidentiality, with no impact on system integrity or availability (RedHat).

The fix involves changing the memory allocation method from vmalloc() to kcalloc() to ensure proper zero-initialization of the chan_stats array. Red Hat has deferred fixes for Enterprise Linux versions 8, 9, and 10, while versions 6 and 7 are not affected (RedHat).