CVE-2025-40131
BaseFortify
Publication date: 2025-11-12
Last updated on: 2025-11-12
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
| qualcomm | qcn9274 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's ath12k WiFi driver, specifically in the function ath12k_dp_mon_rx_deliver_msdu(). The peer lookup fails because rxcb->peer_id is not updated with a valid value in monitor mode: RX frames bypass the usual RX descriptor path that normally sets rxcb->peer_id. As a result, the peer is NULL, and important link metadata fields like link_id and link_valid are not populated. This causes a WARN_ON warning in mac80211 when it receives a data frame from an associated station with an invalid link_id. The fix uses ppduinfo->peer_id, which holds the correct peer id, so that the peer is found and the link metadata is properly updated.
How can this vulnerability impact me?
This vulnerability can lead to warnings and potential instability in the WiFi stack (mac80211) when receiving data frames from associated stations, due to invalid link metadata. While the description does not explicitly mention security impacts like data leakage or privilege escalation, the failure to correctly identify peers and update link metadata could affect the reliability and correctness of WiFi communications in monitor mode.