{"uuid": "50a377b6-bf6d-433b-9d6d-b8a3d2659ad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23133", "type": "seen", "source": "https://t.me/cvedetector/23115", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23133 - Ath11k Linux Kernel Out-of-Bounds Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23133 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nwifi: ath11k: update channel list in reg notifier instead reg worker  \n  \nCurrently when ath11k gets a new channel list, it will be processed  \naccording to the following steps:  \n1. update new channel list to cfg80211 and queue reg_work.  \n2. cfg80211 handles new channel list during reg_work.  \n3. update cfg80211's handled channel list to firmware by  \nath11k_reg_update_chan_list().  \n  \nBut ath11k will immediately execute step 3 after reg_work is just  \nqueued. Since step 2 is asynchronous, cfg80211 may not have completed  \nhandling the new channel list, which may lead to an out-of-bounds  \nwrite error:  \nBUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list  \nCall Trace:  \n    ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]  \n    kfree+0x109/0x3a0  \n    ath11k_regd_update+0x1cf/0x350 [ath11k]  \n    ath11k_regd_update_work+0x14/0x20 [ath11k]  \n    process_one_work+0xe35/0x14c0  \n  \nShould ensure step 2 is completely done before executing step 3. Thus  \nWen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set,  \ncfg80211 will notify ath11k after step 2 is done.  \n  \nSo enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will  \nnotify ath11k after step 2 is done. At this time, there will be no  \nKASAN bug during the execution of the step 3.  
\n  \n[1]   \n  \nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:37.000000Z"}