AZL-70813

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70813.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-70813

Upstream

CVE-2025-39746

Published

2025-09-11T17:15:37Z

Modified

2026-04-01T05:21:59.430346Z

Summary

CVE-2025-39746 affecting package kernel 5.15.200.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath10k: shutdown driver when hardware is unreliable

In rare cases, ath10k may lose connection with the PCIe bus due to some unknown reasons, which could further lead to system crashes during resuming due to watchdog timeout:

ath10kpci 0000:01:00.0: wmi command 20486 timeout, restarting hardware ath10kpci 0000:01:00.0: already restarting ath10kpci 0000:01:00.0: failed to stop WMI vdev 0: -11 ath10kpci 0000:01:00.0: failed to stop vdev 0: -11 ieee80211 phy0: PM: **** DPM device timeout **** Call Trace: panic+0x125/0x315 dpmwatchdogset+0x54/0x54 dpmwatchdoghandler+0x57/0x57 calltimerfn+0x31/0x13c

At this point, all WMI commands will timeout and attempt to restart device. So set a threshold for consecutive restart failures. If the threshold is exceeded, consider the hardware is unreliable and all ath10k operations should be skipped to avoid system crash.

failcontcount and pending_recovery are atomic variables, and do not involve complex conditional logic. Therefore, even if recovery check and reconfig complete are executed concurrently, the recovery mechanism will not be broken.

Tested-on: QCA6174 hw3.2 PCI WLAN.RM.4.4.1-00288-QCARMSWPZ-1

References

https://nvd.nist.gov/vuln/detail/CVE-2025-39746

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.15.200.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-70813.json"