Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2025-38292

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix invalid access to memory

In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, the rxcb->is_continuation accessed again which is wrong since the memory is already freed. This might lead use-after-free error.

Hence, fix by locally defining bool is_continuation from rxcb, so that after freeing skb, is_continuation can be used.

Compile tested only.

Published: Jul 10, 2025
Updated: Nov 20, 2025
CVE: CVE-2025-38292
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWEs:

CWE-125

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.3	6.12.34
linux / linux_kernel	6.13	6.15.3

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo