CVE-2025-39746
BaseFortify

Publication date: 2025-09-11

Last updated on: 2025-11-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath10k: shutdown driver when hardware is unreliable

In rare cases, ath10k may lose connection with the PCIe bus due to some unknown reasons, which could further lead to system crashes during resuming due to watchdog timeout:

    ath10k_pci 0000:01:00.0: wmi command 20486 timeout, restarting hardware
    ath10k_pci 0000:01:00.0: already restarting
    ath10k_pci 0000:01:00.0: failed to stop WMI vdev 0: -11
    ath10k_pci 0000:01:00.0: failed to stop vdev 0: -11
    ieee80211 phy0: PM: **** DPM device timeout ****
    Call Trace:
    panic+0x125/0x315
    dpm_watchdog_set+0x54/0x54
    dpm_watchdog_handler+0x57/0x57
    call_timer_fn+0x31/0x13c

At this point, all WMI commands will timeout and attempt to restart device. So set a threshold for consecutive restart failures. If the threshold is exceeded, consider the hardware is unreliable and all ath10k operations should be skipped to avoid system crash.

fail_cont_count and pending_recovery are atomic variables, and do not involve complex conditional logic. Therefore, even if recovery check and reconfig complete are executed concurrently, the recovery mechanism will not be broken.

Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1

Meta Information
Published: 2025-09-11
Last Modified: 2025-11-25
Generated: 2026-05-07
AI Q&A: 2025-09-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor | Product | Version / Range
linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc)
linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc)
linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc)
CWE ID Description
CWE-NVD-CWE-noinfo
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the Linux kernel's ath10k WiFi driver, where the driver may lose connection with the PCIe bus for unknown reasons. Once that happens, every WMI command times out and the driver keeps attempting to restart the device, which can crash the system during resume because of a watchdog timeout. The fix sets a threshold for consecutive restart failures: when the threshold is exceeded, the driver treats the hardware as unreliable and skips all ath10k operations to prevent system crashes.


How can this vulnerability impact me?

This vulnerability can lead to system instability and crashes, especially during system resume operations. If the ath10k WiFi hardware becomes unreliable and repeatedly fails to restart, it can cause the system to hang or crash due to watchdog timeouts, potentially disrupting network connectivity and overall system availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

The failure can be detected by monitoring system logs for specific error messages from the ath10k driver after it loses connection with the PCIe bus. Look for log entries such as 'ath10k_pci 0000:01:00.0: wmi command 20486 timeout, restarting hardware', 'failed to stop WMI vdev', and 'PM: **** DPM device timeout ****' (the PCI address and WMI command number will differ between systems). You can use commands like 'dmesg | grep ath10k' or 'journalctl -k | grep ath10k' to check for these messages.
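
An added example, not part of the original page or the kernel patch: a small shell function that scans kernel log text for the message sequence quoted in the description and reports a verdict. The function names, the output format and the verdict labels are assumptions made for this sketch; the sample input is constructed from the log lines in the description.

```shell
#!/bin/sh
# Added example: classify kernel log text for the ath10k failure pattern
# quoted in the CVE description. Names and verdict labels are hypothetical.
# On a live host: journalctl -k -b -1 --no-pager | ath10k_scan
# (-b -1 reads the previous boot, useful after a resume-time panic).

ath10k_scan() {
    awk '
        /ath10k_pci .*wmi command [0-9]+ timeout, restarting hardware/ { timeouts++ }
        /ath10k_pci .*already restarting/                             { nested++ }
        /ath10k_pci .*failed to stop (WMI )?vdev [0-9]+: -[0-9]+/      { stopfail++ }
        # As quoted in the description, the watchdog line is logged under
        # the ieee80211 phy, so a plain "grep ath10k" does not match it.
        /PM: \*\*\*\* DPM device timeout \*\*\*\*/                     { dpm++ }
        END {
            verdict = "clean"
            if (timeouts + nested + stopfail > 0) verdict = "restart-failures"
            if (dpm > 0 && timeouts > 0)          verdict = "resume-watchdog-hit"
            printf "timeouts=%d nested=%d stop_failures=%d dpm_timeout=%d verdict=%s\n",
                   timeouts, nested, stopfail, dpm, verdict
        }'
}

# Constructed sample: the log lines quoted in the CVE description.
ath10k_sample_log() {
    cat <<'EOF'
ath10k_pci 0000:01:00.0: wmi command 20486 timeout, restarting hardware
ath10k_pci 0000:01:00.0: already restarting
ath10k_pci 0000:01:00.0: failed to stop WMI vdev 0: -11
ath10k_pci 0000:01:00.0: failed to stop vdev 0: -11
ieee80211 phy0: PM: **** DPM device timeout ****
EOF
}

ath10k_sample_log | ath10k_scan
```

A "restart-failures" verdict without the DPM line means the driver hit WMI timeouts but the suspend/resume watchdog did not fire in the scanned log.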


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves applying the updated Linux kernel patch that implements a threshold for consecutive restart failures of the ath10k driver. When the threshold is exceeded, the driver will consider the hardware unreliable and skip all ath10k operations to avoid system crashes. Until the patch is applied, monitoring for the described error messages and avoiding system resume operations that trigger the watchdog timeout may help reduce crashes.

