CVE-2025-39761

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-39761
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39761.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39761
Downstream
Related
Published
2025-09-11T16:52:29.788Z
Modified
2026-03-20T12:43:02.310872Z
Summary
wifi: ath12k: Decrement TID on RX peer frag setup error handling
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Decrement TID on RX peer frag setup error handling

Currently, TID is not decremented before peer cleanup, during error handling path of ath12kdprxpeerfragsetup(). This could lead to out-of-bounds access in peer->rxtid[].

Hence, add a decrement operation for TID, before peer cleanup to ensures proper cleanup and prevents out-of-bounds access issues when the RX peer frag setup fails.

Found during code review. Compile tested only.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39761.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d889913205cf7ebda905b1e62c5867ed4e39f6c2
Fixed
eb1e1526b82b8cf31f1ef9ca86a2647fb6cd89c6
Fixed
7c3e99fd4a66a5ac9c7dd32db07359666efe0002
Fixed
a3b73c72c42348bf1555fd2b00f32f941324b242
Fixed
9530d666f4376c294cdf4348c29fe3542fec980a
Fixed
7c0884fcd2ddde0544d2e77f297ae461e1f53f58

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39761.json"