CVE-2025-37744
📋 TL;DR
This CVE describes a memory leak vulnerability in the Linux kernel's ath12k WiFi driver. When the ATH12K_FLAG_QMI_FAIL bit is set during device removal, firmware memory allocated during probe isn't freed, causing a kernel memory leak. This affects Linux systems using Qualcomm Atheros ath12k WiFi hardware.
💻 Affected Systems
- Linux kernel with ath12k driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Sustained exploitation could lead to kernel memory exhaustion, causing system instability, crashes, or denial of service.
Likely Case
Gradual memory consumption over time during repeated device probe/remove cycles, potentially leading to performance degradation.
If Mitigated
Minimal impact with proper monitoring and system maintenance; memory leak is slow and requires specific conditions.
🎯 Exploit Status
Exploitation requires local access and ability to trigger device removal with QMI_FAIL condition; not a remote code execution vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 1b24394ed5c8a8d8f7b9e3aa9044c31495d46f2e and 52e3132e62c31b5ade43dc4495fa81175e6e8398
Vendor Advisory: https://git.kernel.org/stable/c/1b24394ed5c8a8d8f7b9e3aa9044c31495d46f2e
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Reboot system to load new kernel. 3. Verify ath12k driver is using patched code.
🔧 Temporary Workarounds
Avoid device removal cycles
linuxPrevent triggering the vulnerable code path by avoiding ath12k device removal when QMI_FAIL condition occurs
Disable ath12k driver
linuxRemove or blacklist ath12k driver if not needed
echo 'blacklist ath12k' >> /etc/modprobe.d/blacklist-ath12k.conf
update-initramfs -u
reboot
🧯 If You Can't Patch
- Monitor kernel memory usage for unusual growth patterns
- Restrict local user access to device management operations
🔍 How to Verify
Check if Vulnerable:
Check if system uses ath12k driver: lsmod | grep ath12k. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits: git log --oneline | grep -E '1b24394ed5c8a8d8f7b9e3aa9044c31495d46f2e|52e3132e62c31b5ade43dc4495fa81175e6e8398'📡 Detection & Monitoring
Log Indicators:
- Kernel oom-killer messages
- System memory exhaustion warnings
- dmesg showing memory allocation failures
SIEM Query:
source="kernel" AND ("out of memory" OR "oom-killer" OR "memory allocation failure") AND process="ath12k"