CVE-2025-39750
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-11-25
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's ath12k WiFi driver. When an error happens during the setup of a TID (Traffic Identifier) in the function ath12k_dp_rx_peer_tid_setup(), the tid counter is incremented even though the TID was not actually allocated. Later, the cleanup function ath12k_dp_rx_peer_tid_delete() attempts to free a TID starting from this unallocated tid, which can lead to freeing memory that was never allocated, potentially causing a crash or out-of-bounds memory access. The fix involves correctly decrementing the tid counter before cleanup to ensure only successfully allocated TIDs are freed.
How can this vulnerability impact me? :
This vulnerability can cause the system to crash or experience out-of-bounds memory access due to improper cleanup of unallocated TIDs in the WiFi driver. Such crashes can lead to denial of service or instability in the affected system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the ath12k tid cleanup issue. The fix ensures correct tid decrementing during error handling in ath12k_dp_rx_peer_tid_setup() and ath12k_dp_rx_peer_frag_setup(), preventing potential crashes or out-of-bounds access.