CVE-2025-68729
Use-After-Free in Linux ath12k Driver Causes Kernel Crashes
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
| qualcomm | qcn9274 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's ath12k WiFi driver where packets received on the REO exception ring from unassociated peers are of an unexpected MSDU buffer type instead of the expected link descriptor type. Because the driver does not free the associated socket buffer (skb) for these packets due to a return check, it can lead to kernel crashes and buffer leaks. The fix involves updating the RX error handler to explicitly drop these MSDU buffer type packets to prevent further processing and ensure system stability.
How can this vulnerability impact me? :
This vulnerability can cause kernel crashes and buffer leaks in systems using the affected Linux kernel WiFi driver. Such instability can lead to system downtime, degraded performance, or potential denial of service due to resource exhaustion.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the ath12k driver, which explicitly drops MSDU buffer type packets received on the REO exception ring. This prevents kernel crashes and buffer leaks by ensuring proper handling of RX error packets.