PT-2025-33803 · Ath12K+6 · Ath12K+6

Published

2025-06-06

·

Updated

2026-04-20

·

CVE-2025-38605

CVSS v2.0

6.0

Medium

VectorAV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains a flaw within the ath12k driver where a NULL pointer dereference could occur in ath12k dp tx get encap type() during a vdev delete sequence. This occurs because the arvif->ar pointer could become NULL, leading to a kernel panic. The issue is resolved by passing a valid ab pointer directly to the function, avoiding the dereference. The function ath12k dp tx() is involved in the process, as are functions ath12k mac tx check max limit(), ieee80211 process measurement req(), ieee80211 tx dequeue(), ieee80211 tx prepare skb(), ieee80211 xmit(), ieee80211 subif start xmit(), ieee80211 subif start xmit(), netdev start xmit(), and dev hard start xmit().
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-476

Related Identifiers

BDU:2026-02844
CVE-2025-38605
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:03290-1
SUSE-SU-2025:03382-1
SUSE-SU-2025:03600-1
SUSE-SU-2025:03601-1
SUSE-SU-2025:03602-1
SUSE-SU-2025:03633-1
SUSE-SU-2025:03634-1
SUSE-SU-2025:20851-1
SUSE-SU-2025:20861-1
SUSE-SU-2025:20870-1
SUSE-SU-2025:20898-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025:3751-1
SUSE-SU-2025_03290-1
SUSE-SU-2025_03382-1
USN-7879-1
USN-7879-2
USN-7879-3
USN-7879-4
USN-7880-1
USN-7934-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu
Ath12K