Linux Kernel ath12k Use-After-Free Vulnerability in Core Initialization

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's ath12k wireless driver. This issue arises in the ath12k_core_init() function, where the notifier chain is not properly unregistered if ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() fails. As a result, the memory for the notifier chain is freed after the module is removed, potentially leading to a use-after-free condition if there is a subsequent access to the notifier chain.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, which may be exploited to execute arbitrary code or cause a denial-of-service condition.

Added: Jul 3, 2025, 11:06 AM

Updated: Jul 3, 2025, 11:06 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ath12k Use-After-Free Vulnerability in Core Initialization

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating