CVE-2025-37943

Published: May 20, 2025
Source: redhat
CVSS3: 7
EPSS: Low

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi

In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields in the header within the ath12k_dp_rx_h_undecap_nwifi function for DP_RX_DECAP_TYPE_NATIVE_WIFI decap type and potentially resulting in invalid data access and memory corruption.

Add a sanity check before processing the SKB to prevent invalid data access in the undecap native Wi-Fi function for the DP_RX_DECAP_TYPE_NATIVE_WIFI decap type.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1

Report

This vulnerability in the ath12k driver can be exploited when hardware which uses that driver provides malformed packets, specifically packets with a header length longer than permitted by the Wi-Fi specification. An attacker who can generate packets to be processed by this driver could exploit this flaw to alter kernel memory, resulting in the ability to escalate their privileges or otherwise compromise system integrity and stability. These drivers are not included in Red Hat Enterprise Linux 8 and previous, so those systems are unaffected.

Mitigation

To mitigate this issue, prevent the ath12k module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically. Note that this will make hardware that uses that chipset unavailable, so this mitigation is not suitable for systems that rely on Qualcomm Wi-Fi 7 network adapters.
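
The mitigation above as a small POSIX shell helper. This is an added example, not taken from the Red Hat article; the module name comes from the advisory, while the function names and the drop-in file name are assumptions. It uses the standard modprobe.d `blacklist` and `install` directives.

```shell
#!/bin/sh
# Added example. MODULE comes from the advisory; the function names and the
# .conf file name are assumptions chosen for this illustration.
MODULE="ath12k"

# Succeeds if MODULE is listed in a /proc/modules-format file ($1).
module_loaded() {
    grep -q "^${MODULE} " "${1:-/proc/modules}"
}

# Writes the modprobe.d drop-in into directory $1 and prints its path.
# "blacklist" stops alias-based autoloading; "install ... /bin/false"
# also makes an explicit "modprobe ath12k" fail.
write_blacklist() {
    conf="${1:-/etc/modprobe.d}/${MODULE}-blacklist.conf"
    {
        printf 'blacklist %s\n' "$MODULE"
        printf 'install %s /bin/false\n' "$MODULE"
    } > "$conf" || return 1
    printf '%s\n' "$conf"
}

# Succeeds only if both directives are present in some *.conf under $1.
is_blocked() {
    dir="${1:-/etc/modprobe.d}"
    grep -qsx "blacklist ${MODULE}" "$dir"/*.conf &&
        grep -qsx "install ${MODULE} /bin/false" "$dir"/*.conf
}

# Stand-alone use: "--status" reports, "--apply" (as root) writes the file.
case "${1:-}" in
    --status)
        if module_loaded; then echo "${MODULE}: loaded"; else echo "${MODULE}: not loaded"; fi
        if is_blocked; then echo "${MODULE}: blocked"; else echo "${MODULE}: not blocked"; fi
        ;;
    --apply)
        write_blacklist
        ;;
esac
```

A module that is already loaded stays loaded until it is removed or the system reboots, so run `--status` again after the next boot.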

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 10 | kernel | Fixed | RHSA-2025:8669 | 09.06.2025 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:8643 | 09.06.2025 |
| Red Hat Enterprise Linux 9 | kernel | Fixed | RHSA-2025:8643 | 09.06.2025 |
| Red Hat Enterprise Linux 9 | kpatch-patch | Fixed | RHSA-2025:9068 | 16.06.2025 |

Additional information

Status: Important
Defect: CWE-253
https://bugzilla.redhat.com/show_bug.cgi?id=2367748 kernel: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi

EPSS

Percentile: 5%
0.00024
Low

CVSS3

7 High

Related vulnerabilities

ubuntu, nvd, github
29 days ago

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi

In certain cases, hardware might provide packets with a length greater than the maximum native Wi-Fi header length. This can lead to accessing and modifying fields in the header within the ath12k_dp_rx_h_undecap_nwifi function for DP_RX_DECAP_TYPE_NATIVE_WIFI decap type and potentially resulting in invalid data access and memory corruption.

Add a sanity check before processing the SKB to prevent invalid data access in the undecap native Wi-Fi function for the DP_RX_DECAP_TYPE_NATIVE_WIFI decap type.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1

debian
29 days ago

In the Linux kernel, the following vulnerability has been resolved: w ...

oracle-oval
9 days ago

ELSA-2025-8643: kernel security update (IMPORTANT)
