Null Dereference Vulnerability in Linux Kernel Affects ath11k Driver
CVE-2025-39991

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 15 October 2025

What is CVE-2025-39991?

A null dereference vulnerability has been identified in the ath11k driver of the Linux kernel. This issue occurs when the firmware pointer remains null, resulting in potential system instability when m3_mem is not correctly allocated. Appropriate handling has been implemented by replacing the fw->size with m3_len to prevent unintended dereferencing and enhance system security. Discovered through rigorous testing conducted by the Linux Verification Center, this vulnerability underscores the importance of timely code maintenance and patching.

Affected Version(s)

Linux 7db88b962f06a52af5e9a32971012e8f3427cec0 < 1f52119809b76d43759fc47da1cf708690b740a1

Linux 7db88b962f06a52af5e9a32971012e8f3427cec0 < 888830b2cbc035838bebefe94502976da94332a5

Linux 7db88b962f06a52af5e9a32971012e8f3427cec0 < 500fcc31e488d798937a23dbb1f62db46820c5b2

References

https://git.kernel.org/stable/c/1f52119809b76d43759fc47da...

https://git.kernel.org/stable/c/888830b2cbc035838bebefe94...

https://git.kernel.org/stable/c/500fcc31e488d798937a23dbb...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2025
Vulnerability Reserved
Apr 16, 2025

JSON