PT-2025-29010 · Ath12K+6 · Ath12K+6

Anubis

·

Published

2025-04-16

·

Updated

2026-04-20

·

CVE-2025-38290

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:

Linux kernel (affected versions not specified)

Description:

A flaw exists in the Linux kernel's Wi-Fi subsystem related to the ath12k driver. The issue involves potential corruption of nodes within the ar->arvifs list during WLAN recovery. Specifically, the ath12k core halt() function only reinitializes the list head, leading to invalid list nodes when a WLAN recovery occurs during Virtual Interface (VIF) removal. This can trigger a kernel panic when list del() detects the invalid node state within the ath12k mac vdev delete() function. The fix involves removing and reinitializing all VIF list nodes from the arvifs list head during WLAN halt to ensure list node validity.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Weakness Enumeration

CWE-672CWE-362

Related Identifiers

BDU:2025-08629
CVE-2025-38290
MGASA-2025-0218
MGASA-2025-0219
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7789-1
USN-7789-2
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu
Ath12K