CVE-2025-38292
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix invalid access to memory
In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation accessed again which is wrong since the memory is already freed. This might lead use-after-free error.
Hence, fix by locally defining bool is_continuation from rxcb, so that after freeing skb, is_continuation can be used.
Compile tested only.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d889913205cf7ebda905b1e62c5867ed4e39f6c2 < 371b340affa52f280f6eadfd25fbd43f09f0d5c0 | affected |
| Linux | Linux | d889913205cf7ebda905b1e62c5867ed4e39f6c2 < 5f09d16cd57764c95c8548fe5b70672c9ac01127 | affected |
| Linux | Linux | d889913205cf7ebda905b1e62c5867ed4e39f6c2 < 9f17747fbda6fca934854463873c4abf8061491d | affected |
| Linux | Linux | 6.3 | affected |
| Linux | Linux | 0 < 6.3 | unaffected |
| Linux | Linux | 6.12.34 <= 6.12.* | unaffected |
| Linux | Linux | 6.15.3 <= 6.15.* | unaffected |
| Linux | Linux | 6.16 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/371b340affa52f280f6eadfd25fbd43f09f0d5c0
- https://git.kernel.org/stable/c/5f09d16cd57764c95c8548fe5b70672c9ac01127
- https://git.kernel.org/stable/c/9f17747fbda6fca934854463873c4abf8061491d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.