Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() If ab->fw.m3_data points to data, then fw pointer remains null. Further, if m3_mem is not allocated, then fw is dereferenced to be passed to ath11k_err function. Replace fw->size by m3_len. Found by Linux Verification Center (linuxtesting.org) with SVACE.

INFO

Published Date :

2025-10-15T07:58:17.257Z

Last Modified :

2025-12-01T06:16:01.038Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-39991 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-39991.

URL Resource
https://git.kernel.org/stable/c/1f52119809b76d43759fc47da1cf708690b740a1 cve-icon cve-icon
https://git.kernel.org/stable/c/3fd2ef2ae2b5c955584a3bee8e83ae7d7a98f782 cve-icon cve-icon
https://git.kernel.org/stable/c/500fcc31e488d798937a23dbb1f62db46820c5b2 cve-icon cve-icon
https://git.kernel.org/stable/c/888830b2cbc035838bebefe94502976da94332a5 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39991-6679@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-39991 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-39991 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact