CVE-2025-38199
ADVISORY - nistSummary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: Fix memory leak due to multiple rx_stats allocation
rx_stats for each arsta is allocated when adding a station. arsta->rx_stats will be freed when a station is removed.
Redundant allocations are occurring when the same station is added multiple times. This causes ath12k_mac_station_add() to be called multiple times, and rx_stats is allocated each time. As a result there is memory leaks.
Prevent multiple allocations of rx_stats when ath12k_mac_station_add() is called repeatedly by checking if rx_stats is already allocated before allocating again. Allocate arsta->rx_stats if arsta->rx_stats is NULL respectively.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
Common Weakness Enumeration (CWE)
Missing Release of Memory after Effective Lifetime
Missing Release of Resource after Effective Lifetime
NIST
1.8
CVSS SCORE
5.5mediumDebian
-
CVSS SCORE
N/AlowUbuntu
1.8
CVSS SCORE
5.5mediumRed Hat
1.8
CVSS SCORE
5.5mediumChainguard
CGA-6xjm-p3mg-w4fg
-
Photon
CVE-2025-38199
-