CVE-2025-23133

EPSS 0.04%
Veröffentlicht 16.04.2025 14:13:14
Zuletzt bearbeitet 09.09.2025 17:15:42
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: update channel list in reg notifier instead reg worker

Currently when ath11k gets a new channel list, it will be processed
according to the following steps:
1. update new channel list to cfg80211 and queue reg_work.
2. cfg80211 handles new channel list during reg_work.
3. update cfg80211's handled channel list to firmware by
ath11k_reg_update_chan_list().

But ath11k will immediately execute step 3 after reg_work is just
queued. Since step 2 is asynchronous, cfg80211 may not have completed
handling the new channel list, which may leading to an out-of-bounds
write error:
BUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list
Call Trace:
    ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]
    kfree+0x109/0x3a0
    ath11k_regd_update+0x1cf/0x350 [ath11k]
    ath11k_regd_update_work+0x14/0x20 [ath11k]
    process_one_work+0xe35/0x14c0

Should ensure step 2 is completely done before executing step 3. Thus
Wen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set,
cfg80211 will notify ath11k after step 2 is done.

So enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will
notify ath11k after step 2 is done. At this time, there will be no
KASAN bug during the execution of the step 3.

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230201065313.27203-1-quic_wgong@quicinc.com/

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 26618c039b78a76c373d4e02c5fbd52e3a73aead

Version f45cb6b29cd36514e13f7519770873d8c0457008

Status affected

Version < f952fb83c9c6f908d27500764c4aee1df04b9d3f

Version f45cb6b29cd36514e13f7519770873d8c0457008

Status affected

Version < 933ab187e679e6fbdeea1835ae39efcc59c022d2

Version f45cb6b29cd36514e13f7519770873d8c0457008

Status affected

Version f96fd36936310cefe0ea1370a9ae30e6746e6f62

Status affected

Version c97b120950b49d76bdce013bd4d9577d769465f4

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.1

Status affected

Version < 6.1

Version 0

Status unaffected

Version <= 6.12.*

Version 6.12.46

Status unaffected

Version <= 6.14.*

Version 6.14.2

Status unaffected

Version <= *

Version 6.15

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.118

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/f952fb83c9c6f908d27500764c4aee1df04b9d3f

https://git.kernel.org/stable/c/933ab187e679e6fbdeea1835ae39efcc59c022d2

https://git.kernel.org/stable/c/26618c039b78a76c373d4e02c5fbd52e3a73aead

https://nvd.nist.gov/vuln/detail/CVE-2025-23133

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-23133

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-23133

EUVD