Linux Kernel ath12k NULL Pointer Dereference Vulnerability in Channel Context Handler

Vulnerability

A vulnerability in the Linux kernel's ath12k Wi-Fi driver has been fixed, addressing a NULL pointer dereference issue in the channel context assignment handler. The vulnerability arose because, when the function ath12k_mac_assign_vif_to_vdev() failed, the radio handle was incorrectly accessed from the link VIF handle for debug logging, despite the radio handle being NULL in such failure scenarios. This NULL access has been corrected by redirecting the logging to a hardware debug helper function. The vulnerability was present in the QCN9274 and WCN7850 hardware versions.

Impact

The vulnerability could lead to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Added: Jul 10, 2025, 9:14 AM

Updated: Jul 10, 2025, 9:14 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ath12k NULL Pointer Dereference Vulnerability in Channel Context Handler

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating