{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-39890","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.145Z","datePublished":"2025-09-24T11:02:53.539Z","dateUpdated":"2026-05-11T21:38:24.347Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:38:24.347Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix memory leak in ath12k_service_ready_ext_event\n\nCurrently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps\nis not freed in the failure case, causing a memory leak. The following\ntrace is observed in kmemleak:\n\nunreferenced object 0xffff8b3eb5789c00 (size 1024):\n comm \"softirq\", pid 0, jiffies 4294942577\n hex dump (first 32 bytes):\n   00 00 00 00 01 00 00 00 00 00 00 00 7b 00 00 10  ............{...\n   01 00 00 00 00 00 00 00 01 00 00 00 1f 38 00 00  .............8..\n backtrace (crc 44e1c357):\n   __kmalloc_noprof+0x30b/0x410\n   ath12k_wmi_mac_phy_caps_parse+0x84/0x100 [ath12k]\n   ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k]\n   ath12k_wmi_svc_rdy_ext_parse+0x308/0x4c0 [ath12k]\n   ath12k_wmi_tlv_iter+0x5e/0x140 [ath12k]\n   ath12k_service_ready_ext_event.isra.0+0x44/0xd0 [ath12k]\n   ath12k_wmi_op_rx+0x2eb/0xd70 [ath12k]\n   ath12k_htc_rx_completion_handler+0x1f4/0x330 [ath12k]\n   ath12k_ce_recv_process_cb+0x218/0x300 [ath12k]\n   ath12k_pci_ce_workqueue+0x1b/0x30 [ath12k]\n   process_one_work+0x219/0x680\n   bh_worker+0x198/0x1f0\n   tasklet_action+0x13/0x30\n   handle_softirqs+0xca/0x460\n   __irq_exit_rcu+0xbe/0x110\n   irq_exit_rcu+0x9/0x30\n\nFree svc_rdy_ext.mac_phy_caps in the error case to fix this memory leak.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/ath/ath12k/wmi.c"],"versions":[{"version":"d889913205cf7ebda905b1e62c5867ed4e39f6c2","lessThan":"99dbad1b01d3b2f361a9db55c1af1212be497a3d","status":"affected","versionType":"git"},{"version":"d889913205cf7ebda905b1e62c5867ed4e39f6c2","lessThan":"3a392f874ac83a77ad0e53eb8aafdbeb787c9298","status":"affected","versionType":"git"},{"version":"d889913205cf7ebda905b1e62c5867ed4e39f6c2","lessThan":"1089f65b2de78c7837ef6b4f26146a5a5b0b9749","status":"affected","versionType":"git"},{"version":"d889913205cf7ebda905b1e62c5867ed4e39f6c2","lessThan":"89142d34d5602c7447827beb181fa06eb08b9d5c","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/ath/ath12k/wmi.c"],"versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","status":"unaffected","versionType":"semver"},{"version":"6.6.94","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.34","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.3","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.6.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.12.34"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.15.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/99dbad1b01d3b2f361a9db55c1af1212be497a3d"},{"url":"https://git.kernel.org/stable/c/3a392f874ac83a77ad0e53eb8aafdbeb787c9298"},{"url":"https://git.kernel.org/stable/c/1089f65b2de78c7837ef6b4f26146a5a5b0b9749"},{"url":"https://git.kernel.org/stable/c/89142d34d5602c7447827beb181fa06eb08b9d5c"}],"title":"wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-401","lang":"en","description":"CWE-401 Missing Release of Memory after Effective Lifetime"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":5.5,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"LOW","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-01-14T17:35:11.239595Z","id":"CVE-2025-39890","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-14T17:35:29.384Z"}}]}}