CVE-2025-37743 in Linuxinfo

Summary

by MITRE • 05/01/2025

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Avoid memory leak while enabling statistics

Driver uses monitor destination rings for extended statistics mode and standalone monitor mode. In extended statistics mode, TLVs are parsed from the buffer received from the monitor destination ring and assigned to the ppdu_info structure to update per-packet statistics. In standalone monitor mode, along with per-packet statistics, the packet data (payload) is captured, and the driver updates per MSDU to mac80211.

When the AP interface is enabled, only extended statistics mode is activated. As part of enabling monitor rings for collecting statistics, the driver subscribes to HAL_RX_MPDU_START TLV in the filter configuration. This TLV is received from the monitor destination ring, and kzalloc for the mon_mpdu object occurs, which is not freed, leading to a memory leak. The kzalloc for the mon_mpdu object is only required while enabling the standalone monitor interface. This causes a memory leak while enabling extended statistics mode in the driver.

Fix this memory leak by removing the kzalloc for the mon_mpdu object in the HAL_RX_MPDU_START TLV handling. Additionally, remove the standalone monitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs. These TLV tags will be handled properly when enabling standalone monitor mode in the future.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 03/15/2026

The vulnerability CVE-2025-37743 affects the Linux kernel's ath12k wireless driver implementation, specifically targeting memory management issues within the wireless subsystem. This flaw manifests as a memory leak during the initialization of wireless statistics collection mechanisms, particularly when transitioning between different monitor modes. The issue occurs in the Qualcomm-based wireless chips including QCN9274 and WCN7850 hardware platforms, where the driver's handling of monitor destination rings creates persistent memory allocations that are never properly released.

The technical root cause lies in the improper allocation and deallocation of memory structures within the driver's statistics collection path. When the driver enables extended statistics mode through the AP interface, it subscribes to HAL_RX_MPDU_START TLV filter configuration to receive monitor destination ring data. During this process, the driver allocates memory for mon_mpdu objects using kzalloc function, but fails to free this memory when operating in extended statistics mode. This memory allocation occurs regardless of the monitor mode being active, creating a persistent memory leak that accumulates over time and can eventually impact system stability and performance.

The operational impact of this memory leak extends beyond simple resource consumption, potentially affecting wireless network performance and system reliability. The vulnerability affects the driver's ability to properly manage memory resources during wireless statistics collection, which is critical for network monitoring and diagnostic functions. When extended statistics mode is enabled, the driver maintains references to allocated memory structures that should only be present during standalone monitor mode operations, creating a scenario where memory consumption grows continuously without proper cleanup.

The fix addresses this issue by removing the kzalloc allocation for mon_mpdu objects within the HAL_RX_MPDU_START TLV handling path, ensuring that memory is properly managed during extended statistics mode operations. Additionally, the solution removes standalone monitor mode handling from HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLV processing, which prevents the erroneous memory allocation patterns that caused the leak. This remediation aligns with CWE-401 Memory Leak classification and follows ATT&CK technique T1059.001 for system resource exhaustion attacks. The fix ensures proper memory lifecycle management while maintaining the driver's functionality for both extended statistics mode and standalone monitor mode operations, as verified through testing on the specified hardware platforms.

The vulnerability demonstrates the complexity of managing memory resources in wireless driver implementations where multiple operational modes share common code paths. The improper handling of memory allocations during mode transitions represents a classic example of resource management failure in kernel space drivers. The solution's approach of separating the memory allocation logic for different monitor modes prevents cross-contamination of resources while maintaining the driver's ability to support both extended statistics and standalone monitoring capabilities. This type of vulnerability highlights the importance of careful memory management in kernel drivers and the need for comprehensive testing across different operational modes to prevent resource exhaustion scenarios.

Responsible

Linux

Reservation

04/16/2025

Disclosure

05/01/2025

Moderation

accepted

CPE

ready

EPSS

0.00131

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!