CVE-2025-39761

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Decrement TID on RX peer frag setup error handling

Currently, TID is not decremented before peer cleanup, during error handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to out-of-bounds access in peer->rx_tid[].

Hence, add a decrement operation for TID, before peer cleanup to ensures proper cleanup and prevents out-of-bounds access issues when the RX peer frag setup fails.

Found during code review. Compile tested only.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxd889913205cf7ebda905b1e62c5867ed4e39f6c2 < eb1e1526b82b8cf31f1ef9ca86a2647fb6cd89c6affected
LinuxLinuxd889913205cf7ebda905b1e62c5867ed4e39f6c2 < 7c3e99fd4a66a5ac9c7dd32db07359666efe0002affected
LinuxLinuxd889913205cf7ebda905b1e62c5867ed4e39f6c2 < a3b73c72c42348bf1555fd2b00f32f941324b242affected
LinuxLinuxd889913205cf7ebda905b1e62c5867ed4e39f6c2 < 9530d666f4376c294cdf4348c29fe3542fec980aaffected
LinuxLinuxd889913205cf7ebda905b1e62c5867ed4e39f6c2 < 7c0884fcd2ddde0544d2e77f297ae461e1f53f58affected
LinuxLinux6.3affected
LinuxLinux0 < 6.3unaffected
LinuxLinux6.6.103 <= 6.6.*unaffected
LinuxLinux6.12.43 <= 6.12.*unaffected
LinuxLinux6.15.11 <= 6.15.*unaffected
LinuxLinux6.16.2 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References