CVE-2025-38199
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38199
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38199.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38199
- Downstream
- Published
- 2025-07-04T14:15:27Z
- Modified
- 2025-08-30T18:42:16.112827Z
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: Fix memory leak due to multiple rx_stats allocation
rxstats for each arsta is allocated when adding a station. arsta->rxstats will be freed when a station is removed.
Redundant allocations are occurring when the same station is added multiple times. This causes ath12kmacstationadd() to be called multiple times, and rxstats is allocated each time. As a result there is memory leaks.
Prevent multiple allocations of rxstats when ath12kmacstationadd() is called repeatedly by checking if rxstats is already allocated before allocating again. Allocate arsta->rxstats if arsta->rx_stats is NULL respectively.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPLSILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPLV1.0V2.0SILICONZ-3
- References
Affected packages
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.16.3-1