CVE-2025-39991 wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()

🗓️ 15 Oct 2025 07:58:17Reported by LinuxType

Fix NULL dereference in ath11k_qmi_m3_load by using m3_len instead of fw->size and guarding fw when m3_mem is not allocated.

Reporter	Title	Published	Views	Family All 161
AstraLinux	Astra Linux – Vulnerability in Linux 6.12	13 Jan 202614:01	–	astralinux
Circl	CVE-2025-39991	2 Apr 202617:00	–	circl
CNNVD	Linux kernel 安全漏洞	15 Oct 202500:00	–	cnnvd
CVE	CVE-2025-39991	15 Oct 202507:58	–	cve
Debian CVE	CVE-2025-39991	15 Oct 202507:58	–	debiancve
EUVD	EUVD-2025-34582	15 Oct 202509:30	–	euvd
NVD	CVE-2025-39991	15 Oct 202508:15	–	nvd
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2025-20091-1)	2 Dec 202500:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2025:4057-1)	13 Nov 202500:00	–	nessus
Tenable Nessus	SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2025:4128-1)	19 Nov 202500:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/ath/ath11k/qmi.c"
    ],
    "versions": [
      {
        "version": "7db88b962f06a52af5e9a32971012e8f3427cec0",
        "lessThan": "1f52119809b76d43759fc47da1cf708690b740a1",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7db88b962f06a52af5e9a32971012e8f3427cec0",
        "lessThan": "888830b2cbc035838bebefe94502976da94332a5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7db88b962f06a52af5e9a32971012e8f3427cec0",
        "lessThan": "500fcc31e488d798937a23dbb1f62db46820c5b2",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "7db88b962f06a52af5e9a32971012e8f3427cec0",
        "lessThan": "3fd2ef2ae2b5c955584a3bee8e83ae7d7a98f782",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/net/wireless/ath/ath11k/qmi.c"
    ],
    "versions": [
      {
        "version": "6.7",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.7",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.51",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.16.11",
        "lessThanOrEqual": "6.16.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.17.1",
        "lessThanOrEqual": "6.17.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/3fd2ef2ae2b5c955584a3bee8e83ae7d7a98f782
git	www.git.kernel.org/stable/c/1f52119809b76d43759fc47da1cf708690b740a1
git	www.git.kernel.org/stable/c/500fcc31e488d798937a23dbb1f62db46820c5b2
git	www.git.kernel.org/stable/c/888830b2cbc035838bebefe94502976da94332a5

11 May 2026 21:40Current

EPSS0.00182