CVE-2025-38157

Source
https://cve.org/CVERecord?id=CVE-2025-38157
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38157.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38157
Downstream
Related
Published
2025-07-03T08:35:59.734Z
Modified
2026-07-11T03:55:07.389553306Z
Summary
wifi: ath9k_htc: Abort software beacon handling if disabled
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k_htc: Abort software beacon handling if disabled

A malicious USB device can send a WMISWBAEVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a device-by-zero error in the driver, leading to either a crash or an out of bounds read.

Prevent this by aborting the handling in ath9khtcswba() if beacons are not enabled.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38157.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
832f6a18fc2aead14954c081ece03b7a5b425f81
Fixed
e5ce9df1d68094d37360dbd9b09289d42fa21e54
Fixed
0281c19074976ec48f0078d50530b406ddae75bc
Fixed
7ee3fb6258da8c890a51b514f60d7570dc703605
Fixed
40471b23147c86ea3ed97faee79937c618250bd0
Fixed
5482ef9875eaa43f0435e14570e1193823de857e
Fixed
ee5ee646385f5846dcbc881389f3c44a197c402a
Fixed
5a85c21f812e02cb00ca07007d88acdd42d08c46
Fixed
ac4e317a95a1092b5da5b9918b7118759342641c

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38157.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
5.4.295
Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.239
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.186
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.142
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.94
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.34
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38157.json"