CVE-2025-39761
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-39761
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39761.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-39761
- Downstream
- Related
- Published
- 2025-09-11T16:52:29Z
- Modified
- 2025-10-18T03:54:09.428300Z
- Summary
- wifi: ath12k: Decrement TID on RX peer frag setup error handling
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: Decrement TID on RX peer frag setup error handling
Currently, TID is not decremented before peer cleanup, during error handling path of ath12kdprxpeerfragsetup(). This could lead to out-of-bounds access in peer->rxtid[].
Hence, add a decrement operation for TID, before peer cleanup to ensures proper cleanup and prevents out-of-bounds access issues when the RX peer frag setup fails.
Found during code review. Compile tested only.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/7c0884fcd2ddde0544d2e77f297ae461e1f53f58
- https://git.kernel.org/stable/c/7c3e99fd4a66a5ac9c7dd32db07359666efe0002
- https://git.kernel.org/stable/c/9530d666f4376c294cdf4348c29fe3542fec980a
- https://git.kernel.org/stable/c/a3b73c72c42348bf1555fd2b00f32f941324b242
- https://git.kernel.org/stable/c/eb1e1526b82b8cf31f1ef9ca86a2647fb6cd89c6
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixedeb1e1526b82b8cf31f1ef9ca86a2647fb6cd89c6
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixed7c3e99fd4a66a5ac9c7dd32db07359666efe0002
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixeda3b73c72c42348bf1555fd2b00f32f941324b242
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixed9530d666f4376c294cdf4348c29fe3542fec980a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedd889913205cf7ebda905b1e62c5867ed4e39f6c2Fixed7c0884fcd2ddde0544d2e77f297ae461e1f53f58
Affected versions
v6.*
v6.1
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.15.1
v6.15.10
v6.15.2
v6.15.3
v6.15.4
v6.15.5
v6.15.6
v6.15.7
v6.15.8
v6.15.9
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.16.1
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.100
v6.6.101
v6.6.102
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.9
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.6.95
v6.6.96
v6.6.97
v6.6.98
v6.6.99
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Database specific
vanir_signatures
[
{
"id": "CVE-2025-39761-05f5f661",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3b73c72c42348bf1555fd2b00f32f941324b242",
"digest": {
"line_hashes": [
"200980992504726859504759484838642509867",
"314015391102441758048267598789961967836",
"130901137700283252125232728031330103457",
"273641845251498989325483904545714867487"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2025-39761-54b0fe7d",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb1e1526b82b8cf31f1ef9ca86a2647fb6cd89c6",
"digest": {
"line_hashes": [
"200980992504726859504759484838642509867",
"314015391102441758048267598789961967836",
"130901137700283252125232728031330103457",
"273641845251498989325483904545714867487"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2025-39761-671884f5",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c",
"function": "ath12k_dp_peer_setup"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c0884fcd2ddde0544d2e77f297ae461e1f53f58",
"digest": {
"length": 1143.0,
"function_hash": "98629343363649647379207298714933750802"
},
"deprecated": false
},
{
"id": "CVE-2025-39761-76b8d1c1",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c",
"function": "ath12k_dp_peer_setup"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9530d666f4376c294cdf4348c29fe3542fec980a",
"digest": {
"length": 1150.0,
"function_hash": "127821438585092001314209188374474600563"
},
"deprecated": false
},
{
"id": "CVE-2025-39761-7c5150bf",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c",
"function": "ath12k_dp_peer_setup"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c3e99fd4a66a5ac9c7dd32db07359666efe0002",
"digest": {
"length": 1150.0,
"function_hash": "127821438585092001314209188374474600563"
},
"deprecated": false
},
{
"id": "CVE-2025-39761-7eb8e84f",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9530d666f4376c294cdf4348c29fe3542fec980a",
"digest": {
"line_hashes": [
"200980992504726859504759484838642509867",
"314015391102441758048267598789961967836",
"130901137700283252125232728031330103457",
"273641845251498989325483904545714867487"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2025-39761-a22924e0",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c",
"function": "ath12k_dp_peer_setup"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3b73c72c42348bf1555fd2b00f32f941324b242",
"digest": {
"length": 1150.0,
"function_hash": "127821438585092001314209188374474600563"
},
"deprecated": false
},
{
"id": "CVE-2025-39761-c477849b",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c",
"function": "ath12k_dp_peer_setup"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@eb1e1526b82b8cf31f1ef9ca86a2647fb6cd89c6",
"digest": {
"length": 1150.0,
"function_hash": "127821438585092001314209188374474600563"
},
"deprecated": false
},
{
"id": "CVE-2025-39761-d0a10f41",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c0884fcd2ddde0544d2e77f297ae461e1f53f58",
"digest": {
"line_hashes": [
"200980992504726859504759484838642509867",
"314015391102441758048267598789961967836",
"130901137700283252125232728031330103457",
"273641845251498989325483904545714867487"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2025-39761-da3efb0c",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@7c3e99fd4a66a5ac9c7dd32db07359666efe0002",
"digest": {
"line_hashes": [
"200980992504726859504759484838642509867",
"314015391102441758048267598789961967836",
"130901137700283252125232728031330103457",
"273641845251498989325483904545714867487"
],
"threshold": 0.9
},
"deprecated": false
}
]