CVE-2025-38606
📋 TL;DR
A null pointer dereference vulnerability in the Linux kernel's ath12k WiFi driver allows local attackers to cause a kernel panic (denial of service) when handling beacon loss events. The issue affects systems using ath12k-based WiFi hardware with P2P capabilities enabled. Attackers with local access can trigger the vulnerability by manipulating WiFi scanning behavior.
💻 Affected Systems
- Linux kernel with ath12k driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, requiring physical or remote console access to reboot the system.
Likely Case
System instability or crash when WiFi beacon loss occurs on systems with P2P interfaces active, disrupting network connectivity.
If Mitigated
Minor performance impact during WiFi roaming events with proper validation in place.
🎯 Exploit Status
Requires local access and ability to trigger WiFi scanning/beacon loss events. Not trivial but achievable by determined attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits 1259b6da8303f70fef6ed4aef8ae3dedfecb0f27, 36670b67de18f1e5d34900c5d2ac60a8970c293c, or 9b861dfc5c07defd0191fd3e7288a3179cd9a02e
Vendor Advisory: https://git.kernel.org/stable/c/1259b6da8303f70fef6ed4aef8ae3dedfecb0f27
Restart Required: No
Instructions:
1. Update the Linux kernel to a version containing the fix commits.
2. Rebuild the kernel if using a custom kernel.
3. Load the updated ath12k module. No system reboot is required for a driver-only update.
🔧 Temporary Workarounds
Disable P2P WiFi interfaces
Prevent creation of the P2P interfaces that trigger the uninitialized pointer condition.
# Disable P2P in wpa_supplicant configuration
# Set p2p_disabled=1 in /etc/wpa_supplicant/wpa_supplicant.conf
Blacklist ath12k module
Temporarily disable the vulnerable driver if it is not required.
echo 'blacklist ath12k' >> /etc/modprobe.d/blacklist-ath12k.conf
rmmod ath12k
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable WiFi hardware
- Disable WiFi scanning features and use wired networking where possible
🔍 How to Verify
Check if Vulnerable:
Check whether the ath12k module is loaded and report the running kernel version: lsmod | grep ath12k && uname -r
Check Version:
uname -r
Verify Fix Applied:
In a checkout of the kernel source tree, verify that one of the fix commits is present: git log --oneline | grep -E '1259b6da8303|36670b67de18|9b861dfc5c07'
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages with 'null-ptr-deref' and 'ath12k_mac_handle_beacon_miss_iter' in call trace
- System logs showing 'detected beacon loss from AP' followed by crashes
Network Indicators:
- Unexpected WiFi disconnections on systems with ath12k hardware
- Increased scan activity from P2P interfaces
SIEM Query:
event_source="kernel" AND (message:"null-ptr-deref" OR message:"ath12k" OR message:"beacon loss")
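A small log check for the indicators listed above, added here as an example and not part of the original advisory; the sample log lines are constructed, and the oops line follows the KASAN 'null-ptr-deref' report style rather than a real capture.

```shell
#!/bin/sh
# Added example, not from the advisory or the kernel project. Flags a kernel log
# only when both the oops marker ('null-ptr-deref') and the ath12k beacon-miss
# handler appear, so a plain 'detected beacon loss from AP' roaming notice on
# its own is not reported as a crash.

# Usage: ath12k_oops_check <file>   (e.g. journalctl -k --no-pager > kern.log)
# Returns 0 when the crash signature is present, 1 otherwise.
ath12k_oops_check() {
    grep -q 'null-ptr-deref' "$1" \
        && grep -q 'ath12k_mac_handle_beacon_miss_iter' "$1"
}

# Prints the number of beacon-loss notices in the log (context, not proof).
ath12k_beacon_loss_count() {
    grep -c 'detected beacon loss from AP' "$1" || true
}

# Constructed sample logs; timestamps, offsets and the MAC address are made up.
CRASH_LOG=$(mktemp)
cat > "$CRASH_LOG" <<'EOF'
[  812.331] wlan0: detected beacon loss from AP (missed beacons) - probing
[  812.340] BUG: KASAN: null-ptr-deref in ath12k_mac_handle_beacon_miss_iter+0x4c/0x120 [ath12k]
[  812.341] Call Trace:
[  812.342]  ath12k_mac_handle_beacon_miss_iter+0x4c/0x120 [ath12k]
EOF

CLEAN_LOG=$(mktemp)
cat > "$CLEAN_LOG" <<'EOF'
[  120.010] wlan0: detected beacon loss from AP (missed beacons) - probing
[  120.950] wlan0: authenticate with aa:bb:cc:dd:ee:ff
[  121.020] wlan0: associated
EOF
trap 'rm -f "$CRASH_LOG" "$CLEAN_LOG"' EXIT

if ath12k_oops_check "$CRASH_LOG"; then
    echo "CRASH_LOG: ath12k beacon-miss null-ptr-deref signature found"
fi
if ! ath12k_oops_check "$CLEAN_LOG"; then
    echo "CLEAN_LOG: beacon loss only, no crash signature"
fi
```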