CVE-2025-68380

Source: https://cve.org/CVERecord?id=CVE-2025-68380
Import Source: https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68380.json
JSON Data: https://api.test.osv.dev/v1/vulns/CVE-2025-68380
Published: 2025-12-24T10:33:08.266Z
Modified: 2026-03-20T12:46:24.364117Z
Summary
wifi: ath11k: fix peer HE MCS assignment
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: fix peer HE MCS assignment

In ath11k_wmi_send_peer_assoc_cmd(), peer's transmit MCS is sent to firmware as receive MCS while peer's receive MCS is sent as transmit MCS, which goes against firmware's definition.

While connecting to a misbehaved AP that advertises 0xffff (meaning not supported) for 160 MHz transmit MCS map, firmware crashes due to 0xffff being assigned to he_mcs->rx_mcs_set field.

Ext Tag: HE Capabilities
    [...]
    Supported HE-MCS and NSS Set
    [...]
        Rx and Tx MCS Maps 160 MHz
        [...]
            Tx HE-MCS Map 160 MHz: 0xffff

Swap the assignment to fix this issue.

As the HE rate control mask is meant to limit our own transmit MCS, it needs to go via he_mcs->rx_mcs_set field. With the aforementioned swapping done, change is needed as well to apply it to the peer's receive MCS.

Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPLV1V2SILICONZLITE-3.6510.41
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68380.json",
    "cna_assigner": "Linux"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events:
    Introduced: 61fe43e7216df6e9a912d831aafc7142fa20f280
    Fixed: 92791290e4f6a1de25d35af792ab8918a70737f6
    Fixed: 4304bd7a334e981f189b9973056a58f84cc2b482
    Fixed: 097c870b91817779e5a312c6539099a884b1fe2b
    Fixed: 381096a417b7019896e93e86f4c585c592bf98e2
    Fixed: 6b1a0da75932353f66e710976ca85a7131f647ff
    Fixed: 4a013ca2d490c73c40588d62712ffaa432046a04

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68380.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type       Introduced  Fixed
ECOSYSTEM  5.16.0      6.1.160
ECOSYSTEM  6.2.0       6.6.120
ECOSYSTEM  6.7.0       6.12.63
ECOSYSTEM  6.13.0      6.17.13
ECOSYSTEM  6.18.0      6.18.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68380.json"