CVE-2025-38414

wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 GCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash
on some specific platforms. Since this register is divergent for WCN7850 and QCN9274, move it to
register table to allow different definitions. Then correct the register
address for WCN7850 to fix this issue. Note IPQ5332 is not affected as it is not PCIe based device. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath12k: corrección de la definición de GCC_GCC_PCIE_HOT_RST para WCN7850. GCC_GCC_PCIE_HOT_RST está mal definido para WCN7850, lo que provoca un fallo del kernel en algunas plataformas específicas. Dado que este registro es divergente para WCN7850 y QCN9274, muévalo a la tabla de registros para permitir definiciones diferentes. A continuación, corrija la dirección del registro de WCN7850 para solucionar este problema. Nota: IPQ5332 no se ve afectado, ya que no es un dispositivo basado en PCIe. Probado en: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix...

This update provides the initial livepatch for this kernel update. This update does not contain any fixes and will be updated with livepatches later.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-04-16 CVE Reserved
2025-07-25 CVE Published
2025-07-28 CVE Updated
2025-08-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (4)

URL	Tag	Source
https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/569972c5bdb839b0eaf8aba6ce76ea0b78e2acf8	2025-06-19
https://git.kernel.org/stable/c/d71ac5694b33c80f1de97d074f6fbdc6c01a9d61	2025-06-19
https://git.kernel.org/stable/c/7588a893cde5385ad308400ff167d29a29913b3a	2025-06-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.12.34 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.12.34"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.15.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.15.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.16 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.16"		en		Affected