Linux Kernel Vulnerability in ath9k_htc Driver Leading to Device Crashes
CVE-2025-38157
Currently unrated
What is CVE-2025-38157?
A vulnerability in the ath9k_htc driver within the Linux kernel allows a malicious USB device to trigger an event (WMI_SWBA_EVENTID) before beaconing is enabled. This results in a divide-by-zero error, which can cause crashes or out-of-bounds reads, posing a risk to system stability. The vulnerability can be mitigated by aborting the event handling in the driver when beacons are not enabled.
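The guard described above, as an added user-space C model (not the kernel's code or the upstream patch). The struct, function names, slot count and slot arithmetic are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define MAX_BCN_SLOTS 2   /* assumed slot count for this model */
#define EVT_SWBA      1   /* stands in for WMI_SWBA_EVENTID */

/* Simplified, hypothetical beacon state; not the driver's structures. */
struct beacon_state {
    bool     enabled;      /* set only once beaconing is configured */
    uint32_t interval_tu;  /* stays 0 until beaconing is configured */
};

/* Slot selection divides by the beacon interval, so a zero interval faults. */
static int choose_slot(const struct beacon_state *bs, uint32_t tsf_tu)
{
    return (int)(((tsf_tu % bs->interval_tu) * MAX_BCN_SLOTS) / bs->interval_tu);
}

/* Unguarded form: trusts the device to send the event only after setup. */
int handle_event_unguarded(const struct beacon_state *bs, int evt, uint32_t tsf_tu)
{
    if (evt != EVT_SWBA)
        return -1;
    return choose_slot(bs, tsf_tu);  /* divide-by-zero when interval_tu == 0 */
}

/* Hardened form: aborts the event when beacons are not enabled. */
int handle_event_hardened(const struct beacon_state *bs, int evt, uint32_t tsf_tu)
{
    if (evt != EVT_SWBA)
        return -1;
    if (!bs->enabled || bs->interval_tu == 0)
        return -1;                   /* drop the premature event */
    return choose_slot(bs, tsf_tu);
}
```

The hardened handler treats device-supplied event ordering as untrusted input and checks local state before using it as a divisor.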
Affected Version(s)
Linux 832f6a18fc2aead14954c081ece03b7a5b425f81
Linux 832f6a18fc2aead14954c081ece03b7a5b425f81 < 0281c19074976ec48f0078d50530b406ddae75bc
Linux 832f6a18fc2aead14954c081ece03b7a5b425f81 < 7ee3fb6258da8c890a51b514f60d7570dc703605