fkie_cve-2025-38406
Vulnerability from fkie_nvd
Published
2025-07-25 14:15
Modified
2025-07-25 15:29
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: remove WARN on bad firmware input If the firmware gives bad input, that's nothing to do with the driver's stack at this point etc., so the WARN_ON() doesn't add any value. Additionally, this is one of the top syzbot reports now. Just print a message, and as an added bonus, print the sizes too.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/27d07deea35ae67f2e75913242e25bdb7e1114e5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/327997afbb5e62532c28c1861ab5534c01969c9a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/347827bd0c5680dac2dd59674616840c4d5154f1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/46b47d4b06fa7f234d93f0f8ac43798feafcff89
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7a2afdc5af3b82b601f6a2f0d1c90d5f0bc27aeb
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/89bd133529a4d2d68287128b357e49adc00ec690
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e6c49f0b203a987c306676d241066451b74db1a5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e7417421d89358da071fd2930f91e67c7128fbff
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath6kl: remove WARN on bad firmware input\n\nIf the firmware gives bad input, that\u0027s nothing to do with\nthe driver\u0027s stack at this point etc., so the WARN_ON()\ndoesn\u0027t add any value. Additionally, this is one of the\ntop syzbot reports now. Just print a message, and as an\nadded bonus, print the sizes too."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath6kl: eliminar WARN sobre entrada de firmware incorrecta. Si el firmware genera una entrada incorrecta, no tiene nada que ver con la pila del controlador en este momento, etc., por lo que WARN_ON() no aporta ning\u00fan valor. Adem\u00e1s, este es uno de los principales reportes de syzbot. Simplemente imprime un mensaje y, como extra, tambi\u00e9n imprime los tama\u00f1os."
    }
  ],
  "id": "CVE-2025-38406",
  "lastModified": "2025-07-25T15:29:19.837",
  "metrics": {},
  "published": "2025-07-25T14:15:32.180",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/27d07deea35ae67f2e75913242e25bdb7e1114e5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/327997afbb5e62532c28c1861ab5534c01969c9a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/347827bd0c5680dac2dd59674616840c4d5154f1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/46b47d4b06fa7f234d93f0f8ac43798feafcff89"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7a2afdc5af3b82b601f6a2f0d1c90d5f0bc27aeb"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/89bd133529a4d2d68287128b357e49adc00ec690"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e6c49f0b203a987c306676d241066451b74db1a5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e7417421d89358da071fd2930f91e67c7128fbff"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.