THREATINT
PUBLISHED

CVE-2025-38116

wifi: ath12k: fix uaf in ath12k_core_init()



Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix uaf in ath12k_core_init()

When the execution of ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails, the registered notifier chain is not unregistered properly. Its memory is freed after rmmod, which may trigger a use-after-free (UAF) issue if there is a subsequent access to this notifier chain.

Fixes the issue by calling ath12k_core_panic_notifier_unregister() in failure cases.

Call trace:
  notifier_chain_register+0x4c/0x1f0 (P)
  atomic_notifier_chain_register+0x38/0x68
  ath12k_core_init+0x50/0x4e8 [ath12k]
  ath12k_pci_probe+0x5f8/0xc28 [ath12k]
  pci_device_probe+0xbc/0x1a8
  really_probe+0xc8/0x3a0
  __driver_probe_device+0x84/0x1b0
  driver_probe_device+0x44/0x130
  __driver_attach+0xcc/0x208
  bus_for_each_dev+0x84/0x100
  driver_attach+0x2c/0x40
  bus_add_driver+0x130/0x260
  driver_register+0x70/0x138
  __pci_register_driver+0x68/0x80
  ath12k_pci_init+0x30/0x68 [ath12k]
  ath12k_init+0x28/0x78 [ath12k]

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
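The error-path pattern described above, as an added userspace model (not the ath12k driver's code and not part of the original record). The names panic_chain, dev_ctx, hw_group_setup and core_init are hypothetical stand-ins; the model only checks whether a chain that outlives the driver still holds a pointer into driver memory after a failed init, and never dereferences freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model: a singly linked notifier chain that outlives the driver. */
struct notifier { struct notifier *next; };
static struct notifier *panic_chain;          /* stands in for the kernel-global chain */
struct dev_ctx { struct notifier panic_nb; }; /* hypothetical stand-in for the driver context */

static void chain_register(struct notifier *nb) { nb->next = panic_chain; panic_chain = nb; }
static void chain_unregister(struct notifier *nb)
{
    for (struct notifier **p = &panic_chain; *p; p = &(*p)->next)
        if (*p == nb) { *p = nb->next; return; }
}
/* Hypothetical stand-in for the group create/assign step; fails on request. */
static int hw_group_setup(int fail) { return fail ? -1 : 0; }

/* Model of the init path: fix_applied selects the pre- or post-fix error handling. */
static int core_init(struct dev_ctx *ctx, int fail, int fix_applied)
{
    chain_register(&ctx->panic_nb);
    if (hw_group_setup(fail) < 0) {
        if (fix_applied)
            chain_unregister(&ctx->panic_nb);  /* undo the registration on failure */
        return -1;
    }
    return 0;
}

/* Returns 1 if the global chain still points into ctx after a failed init. */
static int dangling_after_failed_init(int fix_applied)
{
    panic_chain = NULL;
    struct dev_ctx *ctx = calloc(1, sizeof(*ctx));
    if (!ctx) return -1;
    int rc = core_init(ctx, 1, fix_applied);
    int dangling = 0;
    for (struct notifier *n = panic_chain; n; n = n->next)
        if (n == &ctx->panic_nb) dangling = 1;
    panic_chain = NULL;   /* drop the entry first so the demo never touches freed memory */
    free(ctx);            /* models the memory release at rmmod */
    return rc == -1 ? dangling : -1;
}

int main(void)
{
    printf("before fix: dangling=%d\n", dangling_after_failed_init(0));
    printf("after fix:  dangling=%d\n", dangling_after_failed_init(1));
    return 0;
}
```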

Reserved 2025-04-16 | Published 2025-07-03 | Updated 2025-07-03 | Assigner Linux

Product status

Default status: unaffected
6f245ea0ec6c29b90c8fa4fdf6e178c646125d7e before 65e1b3404c211dcfaea02698539cdcd26647130f: affected
6f245ea0ec6c29b90c8fa4fdf6e178c646125d7e before f3fe49dbddd73f0155a8935af47cb63693069dbe: affected

Default status: affected
6.14: affected
Any version before 6.14: unaffected
6.15.3: unaffected
6.16-rc2: unaffected

References

git.kernel.org/...c/65e1b3404c211dcfaea02698539cdcd26647130f

git.kernel.org/...c/f3fe49dbddd73f0155a8935af47cb63693069dbe

cve.org (CVE-2025-38116)

nvd.nist.gov (CVE-2025-38116)
