CVE-2025-40131
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: Fix peer lookup in ath12k_dp_mon_rx_deliver_msdu()
In ath12k_dp_mon_rx_deliver_msdu(), peer lookup fails because rxcb->peer_id is not updated with a valid value. This is expected in monitor mode, where RX frames bypass the regular RX descriptor path that typically sets rxcb->peer_id. As a result, the peer is NULL, and link_id and link_valid fields in the RX status are not populated. This leads to a WARN_ON in mac80211 when it receives data frame from an associated station with invalid link_id.
Fix this potential issue by using ppduinfo->peer_id, which holds the correct peer id for the received frame. This ensures that the peer is correctly found and the associated link metadata is updated accordingly.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | bd00cc7e8a4c1048d14c9a9e9790c582119785fb < da64eb2da76ce5626238a951fdf3e81810454427 | affected |
| Linux | Linux | bd00cc7e8a4c1048d14c9a9e9790c582119785fb < 7ca61ed8b3f3fc9a7decd68039cb1d7d1238c566 | affected |
| Linux | Linux | 124bd8cea02395a1a140f1dcc5e57c65cdd428af | affected |
| Linux | Linux | 6.15.3 < 6.16 | affected |
| Linux | Linux | 6.16 | affected |
| Linux | Linux | 0 < 6.16 | unaffected |
| Linux | Linux | 6.17.3 <= 6.17.* | unaffected |
| Linux | Linux | 6.18 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/da64eb2da76ce5626238a951fdf3e81810454427
- https://git.kernel.org/stable/c/7ca61ed8b3f3fc9a7decd68039cb1d7d1238c566
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.