{"id":"CVE-2025-38293","summary":"wifi: ath11k: fix node corruption in ar-\u003earvifs list","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix node corruption in ar-\u003earvifs list\n\nIn current WLAN recovery code flow, ath11k_core_halt() only\nreinitializes the \"arvifs\" list head. This will cause the\nlist node immediately following the list head to become an\ninvalid list node. Because the prev of that node still points\nto the list head \"arvifs\", but the next of the list head \"arvifs\"\nno longer points to that list node.\n\nWhen a WLAN recovery occurs during the execution of a vif\nremoval, and it happens before the spin_lock_bh(&ar-\u003edata_lock)\nin ath11k_mac_op_remove_interface(), list_del() will detect the\npreviously mentioned situation, thereby triggering a kernel panic.\n\nThe fix is to remove and reinitialize all vif list nodes from the\nlist head \"arvifs\" during WLAN halt. The reinitialization is to make\nthe list nodes valid, ensuring that the list_del() in\nath11k_mac_op_remove_interface() can execute normally.\n\nCall trace:\n__list_del_entry_valid_or_report+0xb8/0xd0\nath11k_mac_op_remove_interface+0xb0/0x27c [ath11k]\ndrv_remove_interface+0x48/0x194 [mac80211]\nieee80211_do_stop+0x6e0/0x844 [mac80211]\nieee80211_stop+0x44/0x17c [mac80211]\n__dev_close_many+0xac/0x150\n__dev_change_flags+0x194/0x234\ndev_change_flags+0x24/0x6c\ndevinet_ioctl+0x3a0/0x670\ninet_ioctl+0x200/0x248\nsock_do_ioctl+0x60/0x118\nsock_ioctl+0x274/0x35c\n__arm64_sys_ioctl+0xac/0xf0\ninvoke_syscall+0x48/0x114\n...\n\nTested-on: QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPL_V1_V2_SILICONZ_IOE-1","modified":"2026-03-20T12:42:47.149477Z","published":"2025-07-10T07:42:08.230Z","related":["MGASA-2025-0218","MGASA-2025-0219","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38293.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/31e98e277ae47f56632e4d663b1d4fd12ba33ea8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6c139015b597e570dd5962934e9f9a2f4cc8ef48"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6d6cb27fe146061f2512e904618f5e005bb7bb6a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/b0974ed82e6ad5ff246fd90a5b14f3e7be4f2924"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f50ba7e7b607f2d00618799312e7fdb76a1ff48e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f5d77d0d41ea7a204d47288d0cf0404a52b5890e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9507cf2dd0e1ed5028c0e8240da6fe5fd3110d3"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38293.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38293"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"d5c65159f2895379e11ca13f62feabe93278985d"},{"fixed":"6c139015b597e570dd5962934e9f9a2f4cc8ef48"},{"fixed":"f9507cf2dd0e1ed5028c0e8240da6fe5fd3110d3"},{"fixed":"b0974ed82e6ad5ff246fd90a5b14f3e7be4f2924"},{"fixed":"f50ba7e7b607f2d00618799312e7fdb76a1ff48e"},{"fixed":"f5d77d0d41ea7a204d47288d0cf0404a52b5890e"},{"fixed":"6d6cb27fe146061f2512e904618f5e005bb7bb6a"},{"fixed":"31e98e277ae47f56632e4d663b1d4fd12ba33ea8"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38293.json"}}],"schema_version":"1.7.5"}