Memory Leak in Ath12k Service Ready Event for Linux Kernel
CVE-2025-39890

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 September 2025

What is CVE-2025-39890?

A memory leak vulnerability has been identified in the ath12k driver of the Linux kernel. Specifically, the function ath12k_service_ready_ext_event fails to free the 'svc_rdy_ext.mac_phy_caps' structure when an error occurs, leading to unreferenced objects that remain in memory. This flaw can cause increased memory usage over time, potentially leading to system instability. The issue has been documented and addressed in updates to ensure proper memory management and the prevention of leaks during failure scenarios.

Affected Version(s)

Linux d889913205cf7ebda905b1e62c5867ed4e39f6c2 < 99dbad1b01d3b2f361a9db55c1af1212be497a3d

Linux d889913205cf7ebda905b1e62c5867ed4e39f6c2 < 3a392f874ac83a77ad0e53eb8aafdbeb787c9298

Linux d889913205cf7ebda905b1e62c5867ed4e39f6c2 < 1089f65b2de78c7837ef6b4f26146a5a5b0b9749

References

https://git.kernel.org/stable/c/99dbad1b01d3b2f361a9db55c...

https://git.kernel.org/stable/c/3a392f874ac83a77ad0e53eb8...

https://git.kernel.org/stable/c/1089f65b2de78c7837ef6b4f2...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2025
Vulnerability Reserved
Apr 16, 2025

JSON