Bug 2393737 (CVE-2025-39732) - CVE-2025-39732 kernel: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()
Summary: CVE-2025-39732 kernel: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_...
Keywords:
Status: NEW
Alias: CVE-2025-39732
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-09-07 16:01 UTC by OSIDB Bzimport
Modified: 2025-09-09 08:15 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-09-07 16:01:37 UTC 
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()

ath11k_mac_disable_peer_fixed_rate() is passed as the iterator to
ieee80211_iterate_stations_atomic(). Note in this case the iterator is
required to be atomic, however ath11k_mac_disable_peer_fixed_rate() does
not follow it as it might sleep. Consequently below warning is seen:

BUG: sleeping function called from invalid context at wmi.c:304
Call Trace:
 <TASK>
 dump_stack_lvl
 __might_resched.cold
 ath11k_wmi_cmd_send
 ath11k_wmi_set_peer_param
 ath11k_mac_disable_peer_fixed_rate
 ieee80211_iterate_stations_atomic
 ath11k_mac_op_set_bitrate_mask.cold

Change to ieee80211_iterate_stations_mtx() to fix this issue.

Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30
Comment 1 Mauro Matteo Cascella 2025-09-09 08:15:03 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025090730-CVE-2025-39732-4c7f@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.