PT-2025-29014 · Linux+4 · Linux Kernel+4

Published

2025-03-24

Updated

2025-12-03

CVE-2025-38294

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel's wifi subsystem, specifically within the ath12k driver. A null access issue occurs in the assign channel context handler when ath12k mac assign vif to vdev() fails. This results in accessing a null radio handle (ar) from the link VIF handle (arvif) during debug logging. The issue is resolved by migrating debug logging to the ath12k hw warn hardware debug logging helper function, preventing access to the null radio handle.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476CWE-20

Related Identifiers

BDU:2025-08623

CVE-2025-38294

USN-7769-1

USN-7769-2

USN-7769-3

USN-7770-1

USN-7771-1

USN-7789-1

USN-7789-2

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Ubuntu

Ath12K

PT-2025-29014 · Linux+4 · Linux Kernel+4

CVE-2025-38294

Weakness Enumeration

Related Identifiers

Affected Products

References · 213