CVE-2025-39761

Advisory lineage Upstream: 0 Downstream: 34
Analyzed
Published: 11 Sept 2025, 16:52
Last modified:11 May 2026, 21:35

Vulnerability Summary

Overall Risk (default)
medium
28/100
CVSS Score
7.1 HIGH
v3.1 (nvd)
EPSS Score
0.02% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

11 Sept 2025, 16:52
Published
Vulnerability first disclosed
11 May 2026, 21:35
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Decrement TID on RX peer frag setup error handling Currently, TID is not decremented before peer cleanup, during error handling path of ath12k_dp_rx_peer_frag_setup(). This could lead to out-of-bounds access in peer->rx_tid[]. Hence, add a decrement operation for TID, before peer cleanup to ensures proper cleanup and prevents out-of-bounds access issues when the RX peer frag setup fails. Found during code review. Compile tested only.

CVSS Metrics

  • v3.1HIGHScore: 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.02% Percentile: 6%

Techniques & Countermeasures

  • CWE-125Out-of-bounds Read

    The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • linuxlinux

    ≥ d889913205cf7ebda905b1e62c5867ed4e39f6c2, < eb1e1526b82b8cf31f1ef9ca86a2647fb6cd89c6 | ≥ d889913205cf7ebda905b1e62c5867ed4e39f6c2, < 7c3e99fd4a66a5ac9c7dd32db07359666efe0002 | ≥ d889913205cf7ebda905b1e62c5867ed4e39f6c2, < a3b73c72c42348bf1555fd2b00f32f941324b242 | ≥ d889913205cf7ebda905b1e62c5867ed4e39f6c2, < 9530d666f4376c294cdf4348c29fe3542fec980a | ≥ d889913205cf7ebda905b1e62c5867ed4e39f6c2, < 7c0884fcd2ddde0544d2e77f297ae461e1f53f58 | 6.3

  • linuxlinux_kernel

    ≥ 6.3, < 6.6.103 | ≥ 6.7, < 6.12.43 | ≥ 6.13, < 6.15.11 | ≥ 6.16, < 6.16.2

References (5)