CVE-2025-39991

Published: Oct 15, 2025

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() If ab->fw.m3_data points to data, then fw pointer remains null. Further, if m3_mem is not allocated, then fw is dereferenced to be passed to ath11k_err function. Replace fw->size by m3_len. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Vendor	Product	Versions
Linux	Linux	affected `7db88b962f06a52af5e9a32971012e8f3427cec0 - < 1f52119809b76d43759fc47da1cf708690b740a1` affected `7db88b962f06a52af5e9a32971012e8f3427cec0 - < 888830b2cbc035838bebefe94502976da94332a5` affected `7db88b962f06a52af5e9a32971012e8f3427cec0 - < 500fcc31e488d798937a23dbb1f62db46820c5b2` affected `7db88b962f06a52af5e9a32971012e8f3427cec0 - < 3fd2ef2ae2b5c955584a3bee8e83ae7d7a98f782`
Linux	Linux	affected `6.7` unaffected `0 - < 6.7` unaffected `6.12.51 - <= 6.12.` unaffected `6.16.11 - <= 6.16.` unaffected `6.17.1 - <= 6.17.*` +1 more versions

References

https://git.kernel.org/stable/c/1f52119809b76d43759fc47da1cf708690b740a1

https://git.kernel.org/stable/c/888830b2cbc035838bebefe94502976da94332a5

https://git.kernel.org/stable/c/500fcc31e488d798937a23dbb1f62db46820c5b2

https://git.kernel.org/stable/c/3fd2ef2ae2b5c955584a3bee8e83ae7d7a98f782

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-39991

Description

Affected Products

References