CVE-2025-38414

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 GCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash on some specific platforms. Since this register is divergent for WCN7850 and QCN9274, move it to register table to allow different definitions. Then correct the register address for WCN7850 to fix this issue. Note IPQ5332 is not affected as it is not PCIe based device. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/569972c5bdb839b0eaf8aba6ce76ea0b78e2acf8	Patch
https://git.kernel.org/stable/c/7588a893cde5385ad308400ff167d29a29913b3a	Patch
https://git.kernel.org/stable/c/d71ac5694b33c80f1de97d074f6fbdc6c01a9d61	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.16:rc1::::::

History

19 Nov 2025, 18:59

Type	Values Removed	Values Added
CPE		cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.16:rc1::::::
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~() https://git.kernel.org/stable/c/569972c5bdb839b0eaf8aba6ce76ea0b78e2acf8 -~~	() https://git.kernel.org/stable/c/569972c5bdb839b0eaf8aba6ce76ea0b78e2acf8 - Patch
References	~~() https://git.kernel.org/stable/c/7588a893cde5385ad308400ff167d29a29913b3a -~~	() https://git.kernel.org/stable/c/7588a893cde5385ad308400ff167d29a29913b3a - Patch
References	~~() https://git.kernel.org/stable/c/d71ac5694b33c80f1de97d074f6fbdc6c01a9d61 -~~	() https://git.kernel.org/stable/c/d71ac5694b33c80f1de97d074f6fbdc6c01a9d61 - Patch
CWE		NVD-CWE-noinfo

Information

Published : 2025-07-25 14:15

Updated : 2025-11-19 18:59

NVD link : CVE-2025-38414

Mitre link : CVE-2025-38414

CVE.ORG link : CVE-2025-38414

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2025-38414", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-07-25T14:15:33.140", "references": [{"url": "https://git.kernel.org/stable/c/569972c5bdb839b0eaf8aba6ce76ea0b78e2acf8", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7588a893cde5385ad308400ff167d29a29913b3a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/d71ac5694b33c80f1de97d074f6fbdc6c01a9d61", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850\n\nGCC_GCC_PCIE_HOT_RST is wrongly defined for WCN7850, causing kernel crash\non some specific platforms.\n\nSince this register is divergent for WCN7850 and QCN9274, move it to\nregister table to allow different definitions. Then correct the register\naddress for WCN7850 to fix this issue.\n\nNote IPQ5332 is not affected as it is not PCIe based device.\n\nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath12k: correcci\u00f3n de la definici\u00f3n de GCC_GCC_PCIE_HOT_RST para WCN7850. GCC_GCC_PCIE_HOT_RST est\u00e1 mal definido para WCN7850, lo que provoca un fallo del kernel en algunas plataformas espec\u00edficas. Dado que este registro es divergente para WCN7850 y QCN9274, mu\u00e9valo a la tabla de registros para permitir definiciones diferentes. A continuaci\u00f3n, corrija la direcci\u00f3n del registro de WCN7850 para solucionar este problema. Nota: IPQ5332 no se ve afectado, ya que no es un dispositivo basado en PCIe. Probado en: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3"}], "lastModified": "2025-11-19T18:59:15.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55CA54BF-D496-4699-979F-8DAA815A3A55", "versionEndExcluding": "6.12.34", "versionStartIncluding": "6.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92", "versionEndExcluding": "6.15.3", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}