Main Vulnerability Database SB20251015117

SB20251015117 - NULL pointer dereference in Linux kernel ath ath11k driver

Published: October 15, 2025

Security Bulletin ID SB20251015117

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2025-39991)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ath11k_qmi_m3_load() function in drivers/net/wireless/ath/ath11k/qmi.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/1f52119809b76d43759fc47da1cf708690b740a1
https://git.kernel.org/stable/c/3fd2ef2ae2b5c955584a3bee8e83ae7d7a98f782
https://git.kernel.org/stable/c/500fcc31e488d798937a23dbb1f62db46820c5b2
https://git.kernel.org/stable/c/888830b2cbc035838bebefe94502976da94332a5