| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091146-CVE-2025-39761-939b@gregkh> Date: Thu, 11 Sep 2025 18:53:01 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-39761: wifi: ath12k: Decrement TID on RX peer frag setup error handling From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during error handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to out-of-bounds access in peer->rx_tid[]. Hence, add a decrement operation for TID, before peer cleanup to ensures proper cleanup and prevents out-of-bounds access issues when the RX peer frag setup fails. Found during code review. Compile tested only. The Linux kernel CVE team has assigned CVE-2025-39761 to this issue. Affected and fixed versions =========================== Fixed in 6.6.103 with commit eb1e1526b82b8cf31f1ef9ca86a2647fb6cd89c6 Fixed in 6.12.43 with commit 7c3e99fd4a66a5ac9c7dd32db07359666efe0002 Fixed in 6.15.11 with commit a3b73c72c42348bf1555fd2b00f32f941324b242 Fixed in 6.16.2 with commit 9530d666f4376c294cdf4348c29fe3542fec980a Fixed in 6.17-rc1 with commit 7c0884fcd2ddde0544d2e77f297ae461e1f53f58 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-39761 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/ath/ath12k/dp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/eb1e1526b82b8cf31f1ef9ca86a2647fb6cd89c6 https://git.kernel.org/stable/c/7c3e99fd4a66a5ac9c7dd32db07359666efe0002 https://git.kernel.org/stable/c/a3b73c72c42348bf1555fd2b00f32f941324b242 https://git.kernel.org/stable/c/9530d666f4376c294cdf4348c29fe3542fec980a https://git.kernel.org/stable/c/7c0884fcd2ddde0544d2e77f297ae461e1f53f58
Powered by blists - more mailing lists