CVE-2025-40131

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Fix peer lookup in ath12k_dp_mon_rx_deliver_msdu()

In ath12k_dp_mon_rx_deliver_msdu(), peer lookup fails because rxcb->peer_id is not updated with a valid value. This is expected in monitor mode, where RX frames bypass the regular RX descriptor path that typically sets rxcb->peer_id. As a result, the peer is NULL, and link_id and link_valid fields in the RX status are not populated. This leads to a WARN_ON in mac80211 when it receives data frame from an associated station with invalid link_id.

Fix this potential issue by using ppduinfo->peer_id, which holds the correct peer id for the received frame. This ensures that the peer is correctly found and the associated link metadata is updated accordingly.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxbd00cc7e8a4c1048d14c9a9e9790c582119785fb < da64eb2da76ce5626238a951fdf3e81810454427affected
LinuxLinuxbd00cc7e8a4c1048d14c9a9e9790c582119785fb < 7ca61ed8b3f3fc9a7decd68039cb1d7d1238c566affected
LinuxLinux124bd8cea02395a1a140f1dcc5e57c65cdd428afaffected
LinuxLinux6.15.3 < 6.16affected
LinuxLinux6.16affected
LinuxLinux0 < 6.16unaffected
LinuxLinux6.17.3 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References