vulnerability

Rocky Linux: CVE-2025-38116: kernel (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Nov 21, 2025	Feb 5, 2026	Feb 5, 2026

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Nov 21, 2025

Added

Feb 5, 2026

Modified

Feb 5, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix uaf in ath12k_core_init()

When the execution of ath12k_core_hw_group_assign() or
ath12k_core_hw_group_create() fails, the registered notifier chain is not
unregistered properly. Its memory is freed after rmmod, which may trigger
to a use-after-free (UAF) issue if there is a subsequent access to this
notifier chain.

Fixes the issue by calling ath12k_core_panic_notifier_unregister() in
failure cases.

Call trace:
notifier_chain_register+0x4c/0x1f0 (P)
atomic_notifier_chain_register+0x38/0x68
ath12k_core_init+0x50/0x4e8 [ath12k]
ath12k_pci_probe+0x5f8/0xc28 [ath12k]
pci_device_probe+0xbc/0x1a8
really_probe+0xc8/0x3a0
__driver_probe_device+0x84/0x1b0
driver_probe_device+0x44/0x130
__driver_attach+0xcc/0x208
bus_for_each_dev+0x84/0x100
driver_attach+0x2c/0x40
bus_add_driver+0x130/0x260
driver_register+0x70/0x138
__pci_register_driver+0x68/0x80
ath12k_pci_init+0x30/0x68 [ath12k]
ath12k_init+0x28/0x78 [ath12k]

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3

Solutions

rocky-upgrade-kernelrocky-upgrade-kernel-corerocky-upgrade-kernel-debugrocky-upgrade-kernel-debug-corerocky-upgrade-kernel-debug-debuginforocky-upgrade-kernel-debug-develrocky-upgrade-kernel-debug-devel-matchedrocky-upgrade-kernel-debug-modulesrocky-upgrade-kernel-debug-modules-corerocky-upgrade-kernel-debug-modules-extrarocky-upgrade-kernel-debug-uki-virtrocky-upgrade-kernel-debuginforocky-upgrade-kernel-debuginfo-common-s390xrocky-upgrade-kernel-debuginfo-common-x86_64rocky-upgrade-kernel-develrocky-upgrade-kernel-devel-matchedrocky-upgrade-kernel-modulesrocky-upgrade-kernel-modules-corerocky-upgrade-kernel-modules-extrarocky-upgrade-kernel-modules-extra-matchedrocky-upgrade-kernel-rtrocky-upgrade-kernel-rt-corerocky-upgrade-kernel-rt-debugrocky-upgrade-kernel-rt-debug-corerocky-upgrade-kernel-rt-debug-debuginforocky-upgrade-kernel-rt-debug-develrocky-upgrade-kernel-rt-debug-modulesrocky-upgrade-kernel-rt-debug-modules-corerocky-upgrade-kernel-rt-debug-modules-extrarocky-upgrade-kernel-rt-debuginforocky-upgrade-kernel-rt-develrocky-upgrade-kernel-rt-modulesrocky-upgrade-kernel-rt-modules-corerocky-upgrade-kernel-rt-modules-extrarocky-upgrade-kernel-toolsrocky-upgrade-kernel-tools-debuginforocky-upgrade-kernel-tools-libsrocky-upgrade-kernel-tools-libs-develrocky-upgrade-kernel-uki-virtrocky-upgrade-kernel-uki-virt-addonsrocky-upgrade-kernel-zfcpdumprocky-upgrade-kernel-zfcpdump-corerocky-upgrade-kernel-zfcpdump-debuginforocky-upgrade-kernel-zfcpdump-develrocky-upgrade-kernel-zfcpdump-devel-matchedrocky-upgrade-kernel-zfcpdump-modulesrocky-upgrade-kernel-zfcpdump-modules-corerocky-upgrade-kernel-zfcpdump-modules-extrarocky-upgrade-libperfrocky-upgrade-libperf-debuginforocky-upgrade-perfrocky-upgrade-perf-debuginforocky-upgrade-python3-perfrocky-upgrade-python3-perf-debuginforocky-upgrade-rtlarocky-upgrade-rv

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today