-

CVE-2025-68380

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: fix peer HE MCS assignment

In ath11k_wmi_send_peer_assoc_cmd(), peer's transmit MCS is sent to
firmware as receive MCS while peer's receive MCS sent as transmit MCS,
which goes against firmwire's definition.

While connecting to a misbehaved AP that advertises 0xffff (meaning not
supported) for 160 MHz transmit MCS map, firmware crashes due to 0xffff
is assigned to he_mcs->rx_mcs_set field.

	Ext Tag: HE Capabilities
	    [...]
	    Supported HE-MCS and NSS Set
		[...]
	        Rx and Tx MCS Maps 160 MHz
		    [...]
	            Tx HE-MCS Map 160 MHz: 0xffff

Swap the assignment to fix this issue.

As the HE rate control mask is meant to limit our own transmit MCS, it
needs to go via he_mcs->rx_mcs_set field. With the aforementioned swapping
done, change is needed as well to apply it to the peer's receive MCS.

Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 92791290e4f6a1de25d35af792ab8918a70737f6
Version 61fe43e7216df6e9a912d831aafc7142fa20f280
Status affected
Version < 4304bd7a334e981f189b9973056a58f84cc2b482
Version 61fe43e7216df6e9a912d831aafc7142fa20f280
Status affected
Version < 097c870b91817779e5a312c6539099a884b1fe2b
Version 61fe43e7216df6e9a912d831aafc7142fa20f280
Status affected
Version < 381096a417b7019896e93e86f4c585c592bf98e2
Version 61fe43e7216df6e9a912d831aafc7142fa20f280
Status affected
Version < 6b1a0da75932353f66e710976ca85a7131f647ff
Version 61fe43e7216df6e9a912d831aafc7142fa20f280
Status affected
Version < 4a013ca2d490c73c40588d62712ffaa432046a04
Version 61fe43e7216df6e9a912d831aafc7142fa20f280
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.16
Status affected
Version < 5.16
Version 0
Status unaffected
Version <= 6.1.*
Version 6.1.160
Status unaffected
Version <= 6.6.*
Version 6.6.120
Status unaffected
Version <= 6.12.*
Version 6.12.63
Status unaffected
Version <= 6.17.*
Version 6.17.13
Status unaffected
Version <= 6.18.*
Version 6.18.2
Status unaffected
Version <= *
Version 6.19-rc1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.