CVE-2025-38199 (GCVE-0-2025-38199)
Vulnerability from cvelistv5
Published
2025-07-04 13:37
Modified
2025-07-28 04:14
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix memory leak due to multiple rx_stats allocation rx_stats for each arsta is allocated when adding a station. arsta->rx_stats will be freed when a station is removed. Redundant allocations are occurring when the same station is added multiple times. This causes ath12k_mac_station_add() to be called multiple times, and rx_stats is allocated each time. As a result there is memory leaks. Prevent multiple allocations of rx_stats when ath12k_mac_station_add() is called repeatedly by checking if rx_stats is already allocated before allocating again. Allocate arsta->rx_stats if arsta->rx_stats is NULL respectively. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
References
Impacted products
Vendor Product Version
Linux Linux Version: d889913205cf7ebda905b1e62c5867ed4e39f6c2
Version: d889913205cf7ebda905b1e62c5867ed4e39f6c2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "232f962ae5fca98912a719e64b4964a5aec7c99b",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            },
            {
              "lessThan": "c426497fa2055c8005196922e7d29c41d7e0948a",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/mac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.4",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix memory leak due to multiple rx_stats allocation\n\nrx_stats for each arsta is allocated when adding a station.\narsta-\u003erx_stats will be freed when a station is removed.\n\nRedundant allocations are occurring when the same station is added\nmultiple times. This causes ath12k_mac_station_add() to be called\nmultiple times, and rx_stats is allocated each time. As a result there\nis memory leaks.\n\nPrevent multiple allocations of rx_stats when ath12k_mac_station_add()\nis called repeatedly by checking if rx_stats is already allocated\nbefore allocating again. Allocate arsta-\u003erx_stats if arsta-\u003erx_stats\nis NULL respectively.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T04:14:53.974Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/232f962ae5fca98912a719e64b4964a5aec7c99b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c426497fa2055c8005196922e7d29c41d7e0948a"
        }
      ],
      "title": "wifi: ath12k: Fix memory leak due to multiple rx_stats allocation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38199",
    "datePublished": "2025-07-04T13:37:21.227Z",
    "dateReserved": "2025-04-16T04:51:23.993Z",
    "dateUpdated": "2025-07-28T04:14:53.974Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-38199\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-07-04T14:15:27.707\",\"lastModified\":\"2025-07-08T16:18:53.607\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: ath12k: Fix memory leak due to multiple rx_stats allocation\\n\\nrx_stats for each arsta is allocated when adding a station.\\narsta-\u003erx_stats will be freed when a station is removed.\\n\\nRedundant allocations are occurring when the same station is added\\nmultiple times. This causes ath12k_mac_station_add() to be called\\nmultiple times, and rx_stats is allocated each time. As a result there\\nis memory leaks.\\n\\nPrevent multiple allocations of rx_stats when ath12k_mac_station_add()\\nis called repeatedly by checking if rx_stats is already allocated\\nbefore allocating again. Allocate arsta-\u003erx_stats if arsta-\u003erx_stats\\nis NULL respectively.\\n\\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath12k: Se solucion\u00f3 una fuga de memoria debido a la asignaci\u00f3n m\u00faltiple de rx_stats. rx_stats para cada arsta se asigna al a\u00f1adir una estaci\u00f3n. arsta-\u0026gt;rx_stats se liberar\u00e1 al eliminar una estaci\u00f3n. Se producen asignaciones redundantes cuando se a\u00f1ade la misma estaci\u00f3n varias veces. Esto provoca que ath12k_mac_station_add() se invoque varias veces y que rx_stats se asigne cada vez. Como resultado, se producen fugas de memoria. Evite las asignaciones m\u00faltiples de rx_stats cuando ath12k_mac_station_add() se invoque repetidamente comprobando si rx_stats ya est\u00e1 asignado antes de volver a asignarlo. Asigne arsta-\u0026gt;rx_stats si arsta-\u0026gt;rx_stats es NULL, respectivamente. Probado en: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Probado en: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/232f962ae5fca98912a719e64b4964a5aec7c99b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/c426497fa2055c8005196922e7d29c41d7e0948a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.