Unrated severityNVD Advisory· Published Jul 3, 2025· Updated Jul 28, 2025
wifi: ath12k: fix uaf in ath12k_core_init()
CVE-2025-38116
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix uaf in ath12k_core_init()
When the execution of ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails, the registered notifier chain is not unregistered properly. Its memory is freed after rmmod, which may trigger to a use-after-free (UAF) issue if there is a subsequent access to this notifier chain.
Fixes the issue by calling ath12k_core_panic_notifier_unregister() in failure cases.
Call trace: notifier_chain_register+0x4c/0x1f0 (P) atomic_notifier_chain_register+0x38/0x68 ath12k_core_init+0x50/0x4e8 [ath12k] ath12k_pci_probe+0x5f8/0xc28 [ath12k] pci_device_probe+0xbc/0x1a8 really_probe+0xc8/0x3a0 __driver_probe_device+0x84/0x1b0 driver_probe_device+0x44/0x130 __driver_attach+0xcc/0x208 bus_for_each_dev+0x84/0x100 driver_attach+0x2c/0x40 bus_add_driver+0x130/0x260 driver_register+0x70/0x138 __pci_register_driver+0x68/0x80 ath12k_pci_init+0x30/0x68 [ath12k] ath12k_init+0x28/0x78 [ath12k]
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
Affected products
77- osv-coords75 versionspkg:rpm/almalinux/kernelpkg:rpm/almalinux/kernel-64kpkg:rpm/almalinux/kernel-64k-corepkg:rpm/almalinux/kernel-64k-debugpkg:rpm/almalinux/kernel-64k-debug-corepkg:rpm/almalinux/kernel-64k-debug-develpkg:rpm/almalinux/kernel-64k-debug-devel-matchedpkg:rpm/almalinux/kernel-64k-debug-modulespkg:rpm/almalinux/kernel-64k-debug-modules-corepkg:rpm/almalinux/kernel-64k-debug-modules-extrapkg:rpm/almalinux/kernel-64k-develpkg:rpm/almalinux/kernel-64k-devel-matchedpkg:rpm/almalinux/kernel-64k-modulespkg:rpm/almalinux/kernel-64k-modules-corepkg:rpm/almalinux/kernel-64k-modules-extrapkg:rpm/almalinux/kernel-abi-stablelistspkg:rpm/almalinux/kernel-corepkg:rpm/almalinux/kernel-cross-headerspkg:rpm/almalinux/kernel-debugpkg:rpm/almalinux/kernel-debug-corepkg:rpm/almalinux/kernel-debug-develpkg:rpm/almalinux/kernel-debug-devel-matchedpkg:rpm/almalinux/kernel-debug-modulespkg:rpm/almalinux/kernel-debug-modules-corepkg:rpm/almalinux/kernel-debug-modules-extrapkg:rpm/almalinux/kernel-debug-uki-virtpkg:rpm/almalinux/kernel-develpkg:rpm/almalinux/kernel-devel-matchedpkg:rpm/almalinux/kernel-docpkg:rpm/almalinux/kernel-headerspkg:rpm/almalinux/kernel-modulespkg:rpm/almalinux/kernel-modules-corepkg:rpm/almalinux/kernel-modules-extrapkg:rpm/almalinux/kernel-modules-extra-matchedpkg:rpm/almalinux/kernel-rtpkg:rpm/almalinux/kernel-rt-64kpkg:rpm/almalinux/kernel-rt-64k-corepkg:rpm/almalinux/kernel-rt-64k-debugpkg:rpm/almalinux/kernel-rt-64k-debug-corepkg:rpm/almalinux/kernel-rt-64k-debug-develpkg:rpm/almalinux/kernel-rt-64k-debug-modulespkg:rpm/almalinux/kernel-rt-64k-debug-modules-corepkg:rpm/almalinux/kernel-rt-64k-debug-modules-extrapkg:rpm/almalinux/kernel-rt-64k-develpkg:rpm/almalinux/kernel-rt-64k-modulespkg:rpm/almalinux/kernel-rt-64k-modules-corepkg:rpm/almalinux/kernel-rt-64k-modules-extrapkg:rpm/almalinux/kernel-rt-corepkg:rpm/almalinux/kernel-rt-debugpkg:rpm/almalinux/kernel-rt-debug-corepkg:rpm/almalinux/kernel-rt-debug-develpkg:rpm/almalinux/kernel-rt-debug-modulespkg:rpm/almalinux/kernel-rt-debug-modules-corepkg:rpm/almalinux/kernel-rt-debug-modules-extrapkg:rpm/almalinux/kernel-rt-develpkg:rpm/almalinux/kernel-rt-modulespkg:rpm/almalinux/kernel-rt-modules-corepkg:rpm/almalinux/kernel-rt-modules-extrapkg:rpm/almalinux/kernel-toolspkg:rpm/almalinux/kernel-tools-libspkg:rpm/almalinux/kernel-tools-libs-develpkg:rpm/almalinux/kernel-uki-virtpkg:rpm/almalinux/kernel-uki-virt-addonspkg:rpm/almalinux/kernel-zfcpdumppkg:rpm/almalinux/kernel-zfcpdump-corepkg:rpm/almalinux/kernel-zfcpdump-develpkg:rpm/almalinux/kernel-zfcpdump-devel-matchedpkg:rpm/almalinux/kernel-zfcpdump-modulespkg:rpm/almalinux/kernel-zfcpdump-modules-corepkg:rpm/almalinux/kernel-zfcpdump-modules-extrapkg:rpm/almalinux/libperfpkg:rpm/almalinux/perfpkg:rpm/almalinux/python3-perfpkg:rpm/almalinux/rtlapkg:rpm/almalinux/rv
< 6.12.0-124.8.1.el10_1+ 74 more
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.