{
  "threat_severity" : "Moderate",
  "public_date" : "2025-07-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: wifi: ath12k: Fix memory leak due to multiple rx_stats allocation",
    "id" : "2376370",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2376370"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-772",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nwifi: ath12k: Fix memory leak due to multiple rx_stats allocation\nrx_stats for each arsta is allocated when adding a station.\narsta->rx_stats will be freed when a station is removed.\nRedundant allocations are occurring when the same station is added\nmultiple times. This causes ath12k_mac_station_add() to be called\nmultiple times, and rx_stats is allocated each time. As a result there\nare memory leaks.\nPrevent multiple allocations of rx_stats when ath12k_mac_station_add()\nis called repeatedly by checking if rx_stats is already allocated\nbefore allocating again. Allocate arsta->rx_stats if arsta->rx_stats\nis NULL respectively.\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3" ],
  "statement" : "A memory leak was fixed in the ath12k wireless driver. The issue occurred when ath12k_mac_station_add() was called multiple times for the same station, leading to repeated allocations of arsta->rx_stats without freeing the previously allocated memory. The fix ensures that rx_stats is only allocated if it has not already been allocated, preventing redundant allocations. The Privileges Required for CVSS is Low (PR: L), because adding stations typically requires CAP_NET_ADMIN or equivalent system-level privileges. The related config parameter CONFIG_ATH12K is disabled in older versions of Red Hat Enterprise Linux, so the issue is relevant only to the latest versions of Red Hat Enterprise Linux 9 (where CONFIG_ATH12K=m).",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38199\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38199\nhttps://lore.kernel.org/linux-cve-announce/2025070417-CVE-2025-38199-287e@gregkh/T" ],
  "name" : "CVE-2025-38199",
  "mitigation" : {
    "value" : "To mitigate this issue, prevent the `ath12k` module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically. Note that this will make hardware that uses that chipset unavailable, so this mitigation is not suitable for systems that rely on Qualcomm Wi-Fi 7 network adapters.",
    "lang" : "en:us"
  },
  "csaw" : false
}