CVE-2025-37744 in Linux
Summary
by MITRE • 05/01/2025
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix memory leak in ath12k_pci_remove()
Kmemleak reported this error:
unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (age 235.596s) backtrace: [<000000005434db68>] __kmem_cache_alloc_node+0x1f4/0x2c0
[<000000001203b155>] kmalloc_trace+0x40/0x88
[<0000000028adc9c8>] _request_firmware+0xb8/0x608
[<00000000cad1aef7>] firmware_request_nowarn+0x50/0x80
[<000000005011a682>] local_pci_probe+0x48/0xd0
[<00000000077cd295>] pci_device_probe+0xb4/0x200
[<0000000087184c94>] really_probe+0x150/0x2c0
The firmware memory was allocated in ath12k_pci_probe(), but not freed in ath12k_pci_remove() in case ATH12K_FLAG_QMI_FAIL bit is set. So call ath12k_fw_unmap() to free the memory.
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.2.0-02280-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 03/15/2026
The vulnerability CVE-2025-37744 represents a memory leak in the Linux kernel's ath12k wireless driver implementation specifically affecting the ath12k_pci_remove() function. This issue was identified through kmemleak analysis which detected an unreferenced memory object of 32 bytes that remained allocated beyond its intended lifecycle. The memory leak occurs during the removal of PCI wireless network devices, particularly impacting the WCN7850 hardware platform running version 2.0 of the WLAN.HMT.2.0 firmware. The memory allocation trace shows the object was created through standard kernel memory allocation functions including __kmem_cache_alloc_node and kmalloc_trace, with the allocation originating from firmware request operations via _request_firmware and firmware_request_nowarn. This memory leak pattern demonstrates a classic resource management failure where allocated kernel memory is not properly deallocated during device removal operations.
The technical flaw stems from incomplete error handling in the ath12k wireless driver's PCI device removal path. When the ATH12K_FLAG_QMI_FAIL bit is set during device initialization, the ath12k_pci_remove() function fails to call the ath12k_fw_unmap() cleanup routine that would normally free previously allocated firmware memory. This creates a scenario where memory allocated in the ath12k_pci_probe() initialization function is never released, leading to gradual memory consumption over time. The issue specifically affects the ath12k driver's handling of wireless network hardware that uses QMI (Queued Message Interface) communication protocols for device management, where failure conditions can prevent proper cleanup of allocated resources. The flaw demonstrates a missing conditional check in the removal logic that should ensure firmware memory cleanup regardless of initialization success or failure states.
The operational impact of this memory leak can be significant in systems where wireless devices are frequently probed and removed, particularly in enterprise environments or embedded systems with limited memory resources. Over time, repeated device removal operations can lead to progressive memory exhaustion, potentially causing system instability, reduced performance, or even system crashes in memory-constrained environments. The leak affects only the specific hardware platform mentioned (WCN7850 hw2.0) but represents a broader class of resource management issues that could impact similar wireless drivers. This vulnerability could be exploited by attackers to cause denial of service conditions through sustained device removal operations, making it particularly concerning for systems that dynamically manage wireless network interfaces. The memory leak pattern aligns with common attack vectors in the ATT&CK framework under resource exhaustion techniques, where insufficient memory management can lead to system degradation.
The fix for this vulnerability involves ensuring that the ath12k_fw_unmap() function is called unconditionally during device removal, regardless of whether initialization succeeded or failed. This requires modifying the ath12k_pci_remove() function to check for the ATH12K_FLAG_QMI_FAIL condition and execute proper cleanup operations. The solution follows established kernel memory management practices and aligns with CWE-404, which addresses improper resource release or unmanaged resources in software implementations. System administrators should ensure that affected kernel versions are updated to include this fix, particularly in environments where wireless devices are frequently hot-plugged or where memory resources are constrained. The remediation approach also emphasizes the importance of comprehensive error handling in kernel drivers and follows best practices for resource management as defined in industry standards for secure kernel development.