CVE-2025-38157
📋 TL;DR
A vulnerability in the Linux kernel's ath9k_htc WiFi driver allows a malicious USB device to trigger a divide-by-zero error by sending a WMI_SWBA_EVENTID event before beaconing is enabled. This can cause kernel crashes or out-of-bounds reads, potentially leading to denial of service or information disclosure. Systems using ath9k_htc-managed WiFi devices are affected.
💻 Affected Systems
- Linux kernel with ath9k_htc driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, potential information disclosure through out-of-bounds memory reads, or local privilege escalation if combined with other vulnerabilities.
Likely Case
System crash or instability requiring reboot, denial of service affecting WiFi functionality.
If Mitigated
No impact if the vulnerable driver is not loaded or if USB device access is restricted.
🎯 Exploit Status
Exploitation requires physical USB device access or ability to emulate malicious USB device. No authentication needed once device is connected.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits: 0281c19074976ec48f0078d50530b406ddae75bc, 40471b23147c86ea3ed97faee79937c618250bd0, 5482ef9875eaa43f0435e14570e1193823de857e, 5a85c21f812e02cb00ca07007d88acdd42d08c46, 7ee3fb6258da8c890a51b514f60d7570dc703605
Vendor Advisory: https://git.kernel.org/stable/c/0281c19074976ec48f0078d50530b406ddae75bc
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For custom kernels, apply the relevant commits from kernel.org. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Blacklist ath9k_htc driver
linuxPrevent loading of vulnerable driver module
echo 'blacklist ath9k_htc' >> /etc/modprobe.d/blacklist-ath9k.conf
update-initramfs -u
reboot
Disable automatic USB WiFi device loading
linuxPrevent automatic driver loading when USB WiFi device is connected
echo 'install ath9k_htc /bin/false' >> /etc/modprobe.d/disable-ath9k.conf
update-initramfs -u
🧯 If You Can't Patch
- Restrict physical USB port access to prevent malicious device connection
- Use USB device authorization policies to block unauthorized ath9k_htc devices
🔍 How to Verify
Check if Vulnerable:
Check if ath9k_htc module is loaded: lsmod | grep ath9k_htcCheck Version:
uname -rVerify Fix Applied:
Check kernel version is patched: uname -r and verify against distribution security advisories📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- ath9k_htc driver error messages in dmesg
- System crash/reboot logs
Network Indicators:
- Unexpected WiFi disconnections
- ath9k_htc device connection attempts
SIEM Query:
source="kernel" AND ("ath9k_htc" OR "divide by zero" OR "kernel panic")🔗 References
- https://git.kernel.org/stable/c/0281c19074976ec48f0078d50530b406ddae75bc
- https://git.kernel.org/stable/c/40471b23147c86ea3ed97faee79937c618250bd0
- https://git.kernel.org/stable/c/5482ef9875eaa43f0435e14570e1193823de857e
- https://git.kernel.org/stable/c/5a85c21f812e02cb00ca07007d88acdd42d08c46
- https://git.kernel.org/stable/c/7ee3fb6258da8c890a51b514f60d7570dc703605
- https://git.kernel.org/stable/c/ac4e317a95a1092b5da5b9918b7118759342641c
- https://git.kernel.org/stable/c/e5ce9df1d68094d37360dbd9b09289d42fa21e54
- https://git.kernel.org/stable/c/ee5ee646385f5846dcbc881389f3c44a197c402a
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
