CVE-2025-40131

Linux Kernel 6.16-6.17.3 - Denial of Service via ath12k_dp_mon_rx_deliver_msdu Peer Lookup Failure

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix peer lookup in ath12k_dp_mon_rx_deliver_msdu() In ath12k_dp_mon_rx_deliver_msdu(), peer lookup fails because rxcb->peer_id is not updated with a valid value. This is expected in monitor mode, where RX frames bypass the regular RX descriptor path that typically sets rxcb->peer_id. As a result, the peer is NULL, and link_id and link_valid fields in the RX status are not populated. This leads to a WARN_ON in mac80211 when it receives data frame from an associated station with invalid link_id. Fix this potential issue by using ppduinfo->peer_id, which holds the correct peer id for the received frame. This ensures that the peer is correctly found and the associated link metadata is updated accordingly. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1

Scores

EPSS 0.0019
EPSS Percentile 9.0%

Details

Status published
Products (9)
linux/Kernel 6.16.0 - 6.17.3linux
Linux/Linux < 6.16
Linux/Linux 124bd8cea02395a1a140f1dcc5e57c65cdd428af
Linux/Linux 6.15.3 - 6.16
Linux/Linux 6.16
Linux/Linux 6.17.3 - 6.17.*
Linux/Linux 6.18
Linux/Linux bd00cc7e8a4c1048d14c9a9e9790c582119785fb - 7ca61ed8b3f3fc9a7decd68039cb1d7d1238c566
Linux/Linux bd00cc7e8a4c1048d14c9a9e9790c582119785fb - da64eb2da76ce5626238a951fdf3e81810454427
Published Nov 12, 2025
Tracked Since Feb 18, 2026