Linux Kernel ath11k Memory Leak Vulnerability Due to Missing skb Drop on htc_tx_completion Error

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's ath11k wireless driver. When an error occurs in the htc_tx_completion process, the associated socket buffer (skb) is not properly discarded. This oversight leads to a memory leak, as the skb remains unfreed and not accounted for elsewhere. The issue arises because the completion handler expects the skb to be consumed, even in the event of an error. The vulnerability has been addressed by ensuring that the skb is correctly freed when the endpoint ID is greater than or equal to ATH11K_HTC_EP_COUNT, prior to returning from the function.

Impact

The vulnerability causes a memory leak, as unfreed socket buffers accumulate and are not released, potentially leading to increased memory usage and degradation of system performance over time.

Added: Jun 18, 2025, 2:26 PM

Updated: Jun 18, 2025, 2:26 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ath11k Memory Leak Vulnerability Due to Missing skb Drop on htc_tx_completion Error

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating