| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi\n\nIn certain cases, hardware might provide packets with a\nlength greater than the maximum native Wi-Fi header length.\nThis can lead to accessing and modifying fields in the header\nwithin the ath12k_dp_rx_h_undecap_nwifi function for\nDP_RX_DECAP_TYPE_NATIVE_WIFI decap type and\npotentially resulting in invalid data access and memory corruption.\n\nAdd a sanity check before processing the SKB to prevent invalid\ndata access in the undecap native Wi-Fi function for the\nDP_RX_DECAP_TYPE_NATIVE_WIFI decap type.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/net/wireless/ath/ath12k/dp_rx.c" |
| ], |
| "versions": [ |
| { |
| "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2", |
| "lessThan": "7f1d986da5c6abb75ffe4d0d325fc9b341c41a1c", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2", |
| "lessThan": "3abe15e756481c45f6acba3d476cb3ca4afc3b61", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2", |
| "lessThan": "6ee653194ddb83674913fd2727b8ecfae0597ade", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2", |
| "lessThan": "50be1fb76556e80af9f5da80f28168b6c71bce58", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2", |
| "lessThan": "9a0dddfb30f120db3851627935851d262e4e7acb", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/net/wireless/ath/ath12k/dp_rx.c" |
| ], |
| "versions": [ |
| { |
| "version": "6.3", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "6.3", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.6.88", |
| "lessThanOrEqual": "6.6.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.12.24", |
| "lessThanOrEqual": "6.12.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.13.12", |
| "lessThanOrEqual": "6.13.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.14.3", |
| "lessThanOrEqual": "6.14.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "6.15", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.3", |
| "versionEndExcluding": "6.6.88" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.3", |
| "versionEndExcluding": "6.12.24" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.3", |
| "versionEndExcluding": "6.13.12" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.3", |
| "versionEndExcluding": "6.14.3" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "6.3", |
| "versionEndExcluding": "6.15" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/7f1d986da5c6abb75ffe4d0d325fc9b341c41a1c" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/3abe15e756481c45f6acba3d476cb3ca4afc3b61" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/6ee653194ddb83674913fd2727b8ecfae0597ade" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/50be1fb76556e80af9f5da80f28168b6c71bce58" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/9a0dddfb30f120db3851627935851d262e4e7acb" |
| } |
| ], |
| "title": "wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2025-37943", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
