CVE-2025-37744

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-37744
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37744.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-37744
Downstream
Published
2025-05-01T13:15:53Z
Modified
2025-05-08T23:01:22Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix memory leak in ath12kpciremove()

Kmemleak reported this error:

unreferenced object 0xffff1c165cec3060 (size 32): comm "insmod", pid 560, jiffies 4296964570 (age 235.596s) backtrace: [<000000005434db68>] _kmemcacheallocnode+0x1f4/0x2c0 [<000000001203b155>] kmalloctrace+0x40/0x88 [<0000000028adc9c8>] _requestfirmware+0xb8/0x608 [<00000000cad1aef7>] firmwarerequestnowarn+0x50/0x80 [<000000005011a682>] localpciprobe+0x48/0xd0 [<00000000077cd295>] pcideviceprobe+0xb4/0x200 [<0000000087184c94>] really_probe+0x150/0x2c0

The firmware memory was allocated in ath12kpciprobe(), but not freed in ath12kpciremove() in case ATH12KFLAGQMIFAIL bit is set. So call ath12kfw_unmap() to free the memory.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.2.0-02280-QCAHMTSWPLV1.0V2.0_SILICONZ-1

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12.25-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}