CVE-2025-37794

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.13.0

Description A vulnerability in the Linux kernel's wifi mac80211 module allows a potential driver crash due to a null pointer dereference. After the ieee80211 do stop() function is called, the SKB from the vif's txq could still be processed, leading to a crash if ath12k mac op tx() is called afterwards. This issue can be triggered by a concurrent call to vif schedule and wake txq, causing packets to be dequeued without checking the current state of sdata. The estimated number of potentially affected devices is not provided.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, for Linux kernel versions prior to 6.13.0, apply the patch that empties the vif's txq at ieee80211 do stop() to prevent packets from being dequeued after this function is called. As a temporary workaround, consider disabling the ath12k mac op tx() function until a patch is available.