| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025090730-CVE-2025-39732-4c7f@gregkh> Date: Sun, 7 Sep 2025 17:16:33 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-39732: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() ath11k_mac_disable_peer_fixed_rate() is passed as the iterator to ieee80211_iterate_stations_atomic(). Note in this case the iterator is required to be atomic, however ath11k_mac_disable_peer_fixed_rate() does not follow it as it might sleep. Consequently below warning is seen: BUG: sleeping function called from invalid context at wmi.c:304 Call Trace: <TASK> dump_stack_lvl __might_resched.cold ath11k_wmi_cmd_send ath11k_wmi_set_peer_param ath11k_mac_disable_peer_fixed_rate ieee80211_iterate_stations_atomic ath11k_mac_op_set_bitrate_mask.cold Change to ieee80211_iterate_stations_mtx() to fix this issue. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30 The Linux kernel CVE team has assigned CVE-2025-39732 to this issue. Affected and fixed versions =========================== Issue introduced in 5.6 with commit d5c65159f2895379e11ca13f62feabe93278985d and fixed in 6.12.42 with commit 9c0e3144924c7db701575a73af341d33184afeaf Issue introduced in 5.6 with commit d5c65159f2895379e11ca13f62feabe93278985d and fixed in 6.15.10 with commit 7d4d0db0dc9424de2bdc0b45e919e4892603356f Issue introduced in 5.6 with commit d5c65159f2895379e11ca13f62feabe93278985d and fixed in 6.16.1 with commit 6bdef22d540258ca06f079f7b6ae100669a19b47 Issue introduced in 5.6 with commit d5c65159f2895379e11ca13f62feabe93278985d and fixed in 6.17-rc1 with commit 65c12b104cb942d588a1a093acc4537fb3d3b129 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-39732 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/ath/ath11k/mac.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/9c0e3144924c7db701575a73af341d33184afeaf https://git.kernel.org/stable/c/7d4d0db0dc9424de2bdc0b45e919e4892603356f https://git.kernel.org/stable/c/6bdef22d540258ca06f079f7b6ae100669a19b47 https://git.kernel.org/stable/c/65c12b104cb942d588a1a093acc4537fb3d3b129
Powered by blists - more mailing lists