CVE-2025-38292
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-19
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version in which the ath12k driver no longer has the use-after-free in ath12k_dp_rx_msdu_coalesce(). The fix stores the is_continuation boolean in a local variable before skb is freed, so the freed memory is never read.
Can you explain this vulnerability to me?
This vulnerability is a use-after-free error in the Linux kernel's ath12k WiFi driver. Specifically, in the function ath12k_dp_rx_msdu_coalesce(), a structure called rxcb is accessed after its associated memory (skb) has been freed. Accessing rxcb->is_continuation after freeing skb leads to invalid memory access, which can cause system instability or crashes. The fix involves copying the is_continuation boolean value locally before freeing skb, preventing access to freed memory.
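The ordering problem described above, as an added example that is neither the driver's code nor the upstream patch: a user-space C model in which the control block lives inside the buffer and "freeing" poisons it. All type and function names (`model_skb`, `model_rxcb`, `coalesce_buggy`, `coalesce_fixed`, `fill_queue`) are hypothetical, and the queue contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model. All names are hypothetical, not the driver's own types. */
struct model_rxcb { uint8_t is_continuation; };  /* per-buffer control block */
struct model_skb  { struct model_rxcb cb; uint8_t data[32]; };
#define POISON 0x6b  /* pattern written over released memory in this model */

/* "Free" only poisons the storage, so the stale read is observable, not UB. */
static void model_free(struct model_skb *skb) { memset(skb, POISON, sizeof(*skb)); }

/* Before the fix: the flag is read through rxcb after skb was released. */
size_t coalesce_buggy(struct model_skb *q, size_t n) {
    size_t used = 0;
    while (used < n) {
        struct model_skb *skb = &q[used++];
        struct model_rxcb *rxcb = &skb->cb;
        model_free(skb);
        if (!rxcb->is_continuation) break;  /* stale read: sees POISON, never 0 */
    }
    return used;  /* number of buffers consumed for one frame */
}

/* After the fix: copy the flag to a local before releasing skb. */
size_t coalesce_fixed(struct model_skb *q, size_t n) {
    size_t used = 0;
    while (used < n) {
        struct model_skb *skb = &q[used++];
        uint8_t is_continuation = skb->cb.is_continuation;
        model_free(skb);
        if (!is_continuation) break;
    }
    return used;
}

/* Constructed input: a 3-buffer frame (flags 1,1,0) then a 1-buffer frame. */
void fill_queue(struct model_skb q[4]) {
    static const uint8_t flags[4] = { 1, 1, 0, 0 };
    memset(q, 0, 4 * sizeof(q[0]));
    for (size_t i = 0; i < 4; i++) q[i].cb.is_continuation = flags[i];
}

int main(void) {
    struct model_skb q[4];
    fill_queue(q); printf("buggy consumed %zu buffers\n", coalesce_buggy(q, 4));
    fill_queue(q); printf("fixed consumed %zu buffers\n", coalesce_fixed(q, 4));
}
```

In the model the stale read makes the loop consume the next frame's buffer as well; in a running kernel the freed memory may already have been reused, so the value read is unpredictable.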
How can this vulnerability impact me?
This vulnerability can lead to use-after-free errors, which may cause system crashes, instability, or potentially allow an attacker to execute arbitrary code or cause denial of service by exploiting the invalid memory access in the WiFi driver.