7.8

CVE-2025-38157

wifi: ath9k_htc: Abort software beacon handling if disabled

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k_htc: Abort software beacon handling if disabled

A malicious USB device can send a WMI_SWBA_EVENTID event from an
ath9k_htc-managed device before beaconing has been enabled. This causes
a device-by-zero error in the driver, leading to either a crash or an
out of bounds read.

Prevent this by aborting the handling in ath9k_htc_swba() if beacons are
not enabled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.0 < 5.4.295
LinuxLinux Kernel Version >= 5.5 < 5.10.239
LinuxLinux Kernel Version >= 5.11 < 5.15.186
LinuxLinux Kernel Version >= 5.16 < 6.1.142
LinuxLinux Kernel Version >= 6.2 < 6.6.94
LinuxLinux Kernel Version >= 6.7 < 6.12.34
LinuxLinux Kernel Version >= 6.13 < 6.15.3
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.053
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/e5ce9df1d68094d37360dbd9b09289d42fa21e54
Patch
https://git.kernel.org/stable/c/0281c19074976ec48f0078d50530b406ddae75bc
Patch
https://git.kernel.org/stable/c/7ee3fb6258da8c890a51b514f60d7570dc703605
Patch
https://git.kernel.org/stable/c/40471b23147c86ea3ed97faee79937c618250bd0
Patch
https://git.kernel.org/stable/c/5482ef9875eaa43f0435e14570e1193823de857e
Patch
https://git.kernel.org/stable/c/ee5ee646385f5846dcbc881389f3c44a197c402a
Patch
https://git.kernel.org/stable/c/5a85c21f812e02cb00ca07007d88acdd42d08c46
Patch
https://git.kernel.org/stable/c/ac4e317a95a1092b5da5b9918b7118759342641c
Patch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
Third Party Advisory