CVE-2025-39952: 
Linux Kernel vulnerability analysis and mitigation

A buffer overflow vulnerability was discovered in the Linux kernel's wilc1000 WiFi driver, identified as CVE-2025-39952. The vulnerability was disclosed on October 4, 2025, affecting the WID string configuration in the wilc1000 wireless driver. The issue specifically resides in the drivers/net/wireless/microchip/wilc1000/wlancfg.c file within the wilcwlanparseresponse_frame() function (NVD, RedHat).

The vulnerability stems from a copy overflow condition where a buffer of 512 bytes could potentially be overflowed with data up to 65,537 bytes in the WID string configuration. The issue was initially identified by the Smatch checker tool in the wilcwlanparseresponseframe() function. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Moderate) with a vector string of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (RedHat).

The vulnerability could lead to a buffer overflow condition in the affected systems. The CVSS scoring indicates that while the vulnerability requires local access and low privileges, it could potentially result in high availability impact to the system, though without compromising confidentiality or integrity (RedHat).

A patch has been developed that introduces size checks before accessing the memory buffer. The fix implements checks based on the WID type of received data from the firmware, with size limits determined by individual element size in 'struct wilccfgstrvals' maintained in the 'len' field of 'struct wilccfg_str' (NVD).