Memory Leak Vulnerability in ath12k on Linux Kernel
CVE-2025-38199

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-38199?

A memory leak vulnerability exists in the ath12k component of the Linux kernel that leads to redundant allocations of rx_stats when the same station is added multiple times. This bug results in increasing memory usage as the function ath12k_mac_station_add() is invoked repeatedly without freeing previously allocated resources. To mitigate this issue, the function should check for existing allocations of rx_stats before proceeding with new allocations, ensuring that memory management is handled efficiently and leaks are prevented.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 232f962ae5fca98912a719e64b4964a5aec7c99b

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 6.15.4 <= 6.15.*

References

https://git.kernel.org/stable/c/232f962ae5fca98912a719e64...

https://git.kernel.org/stable/c/c426497fa2055c8005196922e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Apr 16, 2025