In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix invalid access to memory
In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb, and the boolean is_continuation is part of rxcb. Currently, after the skb is freed, rxcb->is_continuation is accessed again, which is wrong because that memory has already been freed. This might lead to a use-after-free error.
Hence, fix this by defining a local bool is_continuation copied from rxcb, so that is_continuation can still be used after the skb is freed.
Compile tested only.
[
{
"digest": {
"function_hash": "59590064340938818090000774811446962530",
"length": 1471.0
},
"signature_type": "Function",
"target": {
"function": "ath12k_dp_rx_msdu_coalesce",
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f17747fbda6fca934854463873c4abf8061491d",
"id": "CVE-2025-38292-48bfc5bb"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"333558664131610403175053240212043943947",
"23163625407901604220483244914820038827",
"301759173122257290712891996266707163028",
"234367971767814676969932184571380972135",
"16148081456694926184252509776662329346",
"25291703724099058175075681645302929777",
"175209899314940453620129593400363468558",
"157948468688506695788386311926953498",
"62139870447953793452542576312781160657",
"141877891450593377735621897306415359500",
"97188426099269977709982297024658415753",
"63481391882394874477800422442576019053"
]
},
"signature_type": "Line",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f17747fbda6fca934854463873c4abf8061491d",
"id": "CVE-2025-38292-5a8dfd64"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"333558664131610403175053240212043943947",
"23163625407901604220483244914820038827",
"301759173122257290712891996266707163028",
"234367971767814676969932184571380972135",
"16148081456694926184252509776662329346",
"25291703724099058175075681645302929777",
"175209899314940453620129593400363468558",
"157948468688506695788386311926953498",
"62139870447953793452542576312781160657",
"141877891450593377735621897306415359500",
"97188426099269977709982297024658415753",
"63481391882394874477800422442576019053"
]
},
"signature_type": "Line",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f09d16cd57764c95c8548fe5b70672c9ac01127",
"id": "CVE-2025-38292-722d794e"
},
{
"digest": {
"function_hash": "59590064340938818090000774811446962530",
"length": 1471.0
},
"signature_type": "Function",
"target": {
"function": "ath12k_dp_rx_msdu_coalesce",
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5f09d16cd57764c95c8548fe5b70672c9ac01127",
"id": "CVE-2025-38292-bbc97215"
},
{
"digest": {
"function_hash": "59590064340938818090000774811446962530",
"length": 1471.0
},
"signature_type": "Function",
"target": {
"function": "ath12k_dp_rx_msdu_coalesce",
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@371b340affa52f280f6eadfd25fbd43f09f0d5c0",
"id": "CVE-2025-38292-d8395f47"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"333558664131610403175053240212043943947",
"23163625407901604220483244914820038827",
"301759173122257290712891996266707163028",
"234367971767814676969932184571380972135",
"16148081456694926184252509776662329346",
"25291703724099058175075681645302929777",
"175209899314940453620129593400363468558",
"157948468688506695788386311926953498",
"62139870447953793452542576312781160657",
"141877891450593377735621897306415359500",
"97188426099269977709982297024658415753",
"63481391882394874477800422442576019053"
]
},
"signature_type": "Line",
"target": {
"file": "drivers/net/wireless/ath/ath12k/dp_rx.c"
},
"deprecated": false,
"signature_version": "v1",
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@371b340affa52f280f6eadfd25fbd43f09f0d5c0",
"id": "CVE-2025-38292-ea3a10d9"
}
]