CVE-2025-39890

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a memory leak within the ath12k service ready ext event() function. Specifically, the svc rdy ext.mac phy caps memory is not freed in failure scenarios, leading to a memory leak. The issue is observed through kmemleak analysis, with a trace indicating the unreferenced object and a backtrace involving functions such as ath12k wmi mac phy caps parse(), ath12k wmi tlv iter(), ath12k wmi svc rdy ext parse(), ath12k service ready ext event.isra.0(), ath12k wmi op rx(), ath12k htc rx completion handler(), ath12k ce recv process cb(), ath12k pci ce workqueue(), process one work(), bh worker(), tasklet action(), handle softirqs(), irq exit rcu(), and irq exit rcu().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

BDU:2025-13170

CVE-2025-39890

OPENSUSE-SU-2025:20081-1

SUSE-SU-2025:03601-1

SUSE-SU-2025:03633-1

SUSE-SU-2025:21074-1

SUSE-SU-2025:21139-1

SUSE-SU-2025:21179-1

SUSE-SU-2025:3725-1

SUSE-SU-2026:0293-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-7769-3

USN-7789-1

USN-7789-2

USN-8028-1

USN-8028-2

USN-8028-3

USN-8028-4

USN-8028-5

USN-8028-6

USN-8028-7

USN-8028-8

USN-8031-1

USN-8031-2

USN-8031-3

USN-8052-1

USN-8052-2

USN-8074-1

USN-8074-2

USN-8126-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Suse

Ubuntu

CVE-2025-39890

Weakness Enumeration

Related Identifiers

Affected Products

References · 4016