| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025092459-CVE-2025-39890-bc43@gregkh>
Date: Wed, 24 Sep 2025 13:03:00 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-39890: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event
Currently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps
is not freed in the failure case, causing a memory leak. The following
trace is observed in kmemleak:
unreferenced object 0xffff8b3eb5789c00 (size 1024):
comm "softirq", pid 0, jiffies 4294942577
hex dump (first 32 bytes):
00 00 00 00 01 00 00 00 00 00 00 00 7b 00 00 10 ............{...
01 00 00 00 00 00 00 00 01 00 00 00 1f 38 00 00 .............8..
backtrace (crc 44e1c357):
__kmalloc_noprof+0x30b/0x410
ath12k_wmi_mac_phy_caps_parse+0x84/0x100 [ath12k]
ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k]
ath12k_wmi_svc_rdy_ext_parse+0x308/0x4c0 [ath12k]
ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k]
ath12k_service_ready_ext_event.isra.0+0x44/0xd0 [ath12k]
ath12k_wmi_op_rx+0x2eb/0xd70 [ath12k]
ath12k_htc_rx_completion_handler+0x1f4/0x330 [ath12k]
ath12k_ce_recv_process_cb+0x218/0x300 [ath12k]
ath12k_pci_ce_workqueue+0x1b/0x30 [ath12k]
process_one_work+0x219/0x680
bh_worker+0x198/0x1f0
tasklet_action+0x13/0x30
handle_softirqs+0xca/0x460
__irq_exit_rcu+0xbe/0x110
irq_exit_rcu+0x9/0x30
Free svc_rdy_ext.mac_phy_caps in the error case to fix this memory leak.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1
The Linux kernel CVE team has assigned CVE-2025-39890 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.3 with commit d889913205cf7ebda905b1e62c5867ed4e39f6c2 and fixed in 6.6.94 with commit 99dbad1b01d3b2f361a9db55c1af1212be497a3d
Issue introduced in 6.3 with commit d889913205cf7ebda905b1e62c5867ed4e39f6c2 and fixed in 6.12.34 with commit 3a392f874ac83a77ad0e53eb8aafdbeb787c9298
Issue introduced in 6.3 with commit d889913205cf7ebda905b1e62c5867ed4e39f6c2 and fixed in 6.15.3 with commit 1089f65b2de78c7837ef6b4f26146a5a5b0b9749
Issue introduced in 6.3 with commit d889913205cf7ebda905b1e62c5867ed4e39f6c2 and fixed in 6.16 with commit 89142d34d5602c7447827beb181fa06eb08b9d5c
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-39890
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/net/wireless/ath/ath12k/wmi.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/99dbad1b01d3b2f361a9db55c1af1212be497a3d
https://git.kernel.org/stable/c/3a392f874ac83a77ad0e53eb8aafdbeb787c9298
https://git.kernel.org/stable/c/1089f65b2de78c7837ef6b4f26146a5a5b0b9749
https://git.kernel.org/stable/c/89142d34d5602c7447827beb181fa06eb08b9d5c
Powered by blists - more mailing lists