CVE-2025-39890

Currently, in ath12kservicereadyextevent(), svcrdyext.macphycaps is not freed in the failure case, causing a memory leak. The following trace is observed in kmemleak:

unreferenced object 0xffff8b3eb5789c00 (size 1024): comm "softirq", pid 0, jiffies 4294942577 hex dump (first 32 bytes): 00 00 00 00 01 00 00 00 00 00 00 00 7b 00 00 10 ............{... 01 00 00 00 00 00 00 00 01 00 00 00 1f 38 00 00 .............8.. backtrace (crc 44e1c357): _kmallocnoprof+0x30b/0x410 ath12kwmimacphycapsparse+0x84/0x100 [ath12k] ath12kwmitlviter+0x5e/0x140 [ath12k] ath12kwmisvcrdyextparse+0x308/0x4c0 [ath12k] ath12kwmitlviter+0x5e/0x140 [ath12k] ath12kservicereadyextevent.isra.0+0x44/0xd0 [ath12k] ath12kwmioprx+0x2eb/0xd70 [ath12k] ath12khtcrxcompletionhandler+0x1f4/0x330 [ath12k] ath12kcerecvprocesscb+0x218/0x300 [ath12k] ath12kpciceworkqueue+0x1b/0x30 [ath12k] processonework+0x219/0x680 bhworker+0x198/0x1f0 taskletaction+0x13/0x30 handlesoftirqs+0xca/0x460 _irqexitrcu+0xbe/0x110 irqexitrcu+0x9/0x30

Free svcrdyext.macphycaps in the error case to fix this memory leak.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/ee626f5d79d5817bb21d6f048dc0da4c4e383443/cves/2025/39xxx/CVE-2025-39890.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d889913205cf7ebda905b1e62c5867ed4e39f6c2

Fixed

99dbad1b01d3b2f361a9db55c1af1212be497a3d

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d889913205cf7ebda905b1e62c5867ed4e39f6c2

Fixed

3a392f874ac83a77ad0e53eb8aafdbeb787c9298

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d889913205cf7ebda905b1e62c5867ed4e39f6c2

Fixed

1089f65b2de78c7837ef6b4f26146a5a5b0b9749

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d889913205cf7ebda905b1e62c5867ed4e39f6c2

Fixed

89142d34d5602c7447827beb181fa06eb08b9d5c

Affected versions

v6.*

v6.1

v6.1-rc6

v6.1-rc7

v6.1-rc8

v6.10

v6.10-rc1

v6.10-rc2

v6.10-rc3

v6.10-rc4

v6.10-rc5

v6.10-rc6

v6.10-rc7

v6.11

v6.11-rc1

v6.11-rc2

v6.11-rc3

v6.11-rc4

v6.11-rc5

v6.11-rc6

v6.11-rc7

v6.12

v6.12-rc1

v6.12-rc2

v6.12-rc3

v6.12-rc4

v6.12-rc5

v6.12-rc6

v6.12-rc7

v6.12.1

v6.12.10

v6.12.11

v6.12.12

v6.12.13

v6.12.14

v6.12.15

v6.12.16

v6.12.17

v6.12.18

v6.12.19

v6.12.2

v6.12.20

v6.12.21

v6.12.22

v6.12.23

v6.12.24

v6.12.25

v6.12.26

v6.12.27

v6.12.28

v6.12.29

v6.12.3

v6.12.30

v6.12.31

v6.12.32

v6.12.33

v6.12.4

v6.12.5

v6.12.6

v6.12.7

v6.12.8

v6.12.9

v6.13

v6.13-rc1

v6.13-rc2

v6.13-rc3

v6.13-rc4

v6.13-rc5

v6.13-rc6

v6.13-rc7

v6.14

v6.14-rc1

v6.14-rc2

v6.14-rc3

v6.14-rc4

v6.14-rc5

v6.14-rc6

v6.14-rc7

v6.15

v6.15-rc1

v6.15-rc2

v6.15-rc3

v6.15-rc4

v6.15-rc5

v6.15-rc6

v6.15-rc7

v6.15.1

v6.15.2

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.5

v6.5-rc1

v6.5-rc2

v6.5-rc3

v6.5-rc4

v6.5-rc5

v6.5-rc6

v6.5-rc7

v6.6

v6.6-rc1

v6.6-rc2

v6.6-rc3

v6.6-rc4

v6.6-rc5

v6.6-rc6

v6.6-rc7

v6.6.1

v6.6.10

v6.6.11

v6.6.12

v6.6.13

v6.6.14

v6.6.15

v6.6.16

v6.6.17

v6.6.18

v6.6.19

v6.6.2

v6.6.20

v6.6.21

v6.6.22

v6.6.23

v6.6.24

v6.6.25

v6.6.26

v6.6.27

v6.6.28

v6.6.29

v6.6.3

v6.6.30

v6.6.31

v6.6.32

v6.6.33

v6.6.34

v6.6.35

v6.6.36

v6.6.37

v6.6.38

v6.6.39

v6.6.4

v6.6.40

v6.6.41

v6.6.42

v6.6.43

v6.6.44

v6.6.45

v6.6.46

v6.6.47

v6.6.48

v6.6.49

v6.6.5

v6.6.50

v6.6.51

v6.6.52

v6.6.53

v6.6.54

v6.6.55

v6.6.56

v6.6.57

v6.6.58

v6.6.59

v6.6.6

v6.6.60

v6.6.61

v6.6.62

v6.6.63

v6.6.64

v6.6.65

v6.6.66

v6.6.67

v6.6.68

v6.6.69

v6.6.7

v6.6.70

v6.6.71

v6.6.72

v6.6.73

v6.6.74

v6.6.75

v6.6.76

v6.6.77

v6.6.78

v6.6.79

v6.6.8

v6.6.80

v6.6.81

v6.6.82

v6.6.83

v6.6.84

v6.6.85

v6.6.86

v6.6.87

v6.6.88

v6.6.89

v6.6.9

v6.6.90

v6.6.91

v6.6.92

v6.6.93

v6.7

v6.7-rc1

v6.7-rc2

v6.7-rc3

v6.7-rc4

v6.7-rc5

v6.7-rc6

v6.7-rc7

v6.7-rc8

v6.8

v6.8-rc1

v6.8-rc2

v6.8-rc3

v6.8-rc4

v6.8-rc5

v6.8-rc6

v6.8-rc7

v6.9

v6.9-rc1

v6.9-rc2

v6.9-rc3

v6.9-rc4

v6.9-rc5

v6.9-rc6

v6.9-rc7

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 531.0,
            "function_hash": "54206749216049817174836136848702275364"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a392f874ac83a77ad0e53eb8aafdbeb787c9298",
        "deprecated": false,
        "id": "CVE-2025-39890-0283f2c6",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "function": "ath12k_service_ready_ext_event",
            "file": "drivers/net/wireless/ath/ath12k/wmi.c"
        }
    },
    {
        "digest": {
            "length": 531.0,
            "function_hash": "54206749216049817174836136848702275364"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1089f65b2de78c7837ef6b4f26146a5a5b0b9749",
        "deprecated": false,
        "id": "CVE-2025-39890-187eebd7",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "function": "ath12k_service_ready_ext_event",
            "file": "drivers/net/wireless/ath/ath12k/wmi.c"
        }
    },
    {
        "digest": {
            "length": 531.0,
            "function_hash": "54206749216049817174836136848702275364"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89142d34d5602c7447827beb181fa06eb08b9d5c",
        "deprecated": false,
        "id": "CVE-2025-39890-29e2265f",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "function": "ath12k_service_ready_ext_event",
            "file": "drivers/net/wireless/ath/ath12k/wmi.c"
        }
    },
    {
        "digest": {
            "length": 531.0,
            "function_hash": "54206749216049817174836136848702275364"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99dbad1b01d3b2f361a9db55c1af1212be497a3d",
        "deprecated": false,
        "id": "CVE-2025-39890-718c622e",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "function": "ath12k_service_ready_ext_event",
            "file": "drivers/net/wireless/ath/ath12k/wmi.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "151203781367106503430214595928590400695",
                "303477719185583528211405864128730000911",
                "160326796229596461889421308844546507486",
                "170229627790614660804418036229724812021"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@3a392f874ac83a77ad0e53eb8aafdbeb787c9298",
        "deprecated": false,
        "id": "CVE-2025-39890-88322598",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/wireless/ath/ath12k/wmi.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "151203781367106503430214595928590400695",
                "303477719185583528211405864128730000911",
                "160326796229596461889421308844546507486",
                "170229627790614660804418036229724812021"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1089f65b2de78c7837ef6b4f26146a5a5b0b9749",
        "deprecated": false,
        "id": "CVE-2025-39890-9bafab15",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/wireless/ath/ath12k/wmi.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "151203781367106503430214595928590400695",
                "303477719185583528211405864128730000911",
                "160326796229596461889421308844546507486",
                "170229627790614660804418036229724812021"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@99dbad1b01d3b2f361a9db55c1af1212be497a3d",
        "deprecated": false,
        "id": "CVE-2025-39890-bc489079",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/wireless/ath/ath12k/wmi.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "151203781367106503430214595928590400695",
                "303477719185583528211405864128730000911",
                "160326796229596461889421308844546507486",
                "170229627790614660804418036229724812021"
            ]
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@89142d34d5602c7447827beb181fa06eb08b9d5c",
        "deprecated": false,
        "id": "CVE-2025-39890-bed31fd7",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/net/wireless/ath/ath12k/wmi.c"
        }
    }
]

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.3.0

Fixed

6.6.94

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.34

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.15.3