{"vulnerability": "CVE-2025-23133", "sightings": [{"uuid": "42a06f75-f8cc-4be2-8ca4-3bdbe30b89ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23133", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities_20260408", "content": "", "creation_timestamp": "2026-04-07T18:00:00.000000Z"}, {"uuid": "9ebc5e41-0a77-4990-8c0e-dc973d3fdbe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23133", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0397/", "content": "", "creation_timestamp": "2026-04-02T17:00:00.000000Z"}, {"uuid": "9737d7c6-c163-4544-9ee3-94d0234e343f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23133", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14801", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23133\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: update channel list in reg notifier instead reg worker\n\nCurrently when ath11k gets a new channel list, it will be processed\naccording to the following steps:\n1. update new channel list to cfg80211 and queue reg_work.\n2. cfg80211 handles new channel list during reg_work.\n3. update cfg80211's handled channel list to firmware by\nath11k_reg_update_chan_list().\n\nBut ath11k will immediately execute step 3 after reg_work is just\nqueued. Since step 2 is asynchronous, cfg80211 may not have completed\nhandling the new channel list, which may leading to an out-of-bounds\nwrite error:\nBUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list\nCall Trace:\n    ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]\n    kfree+0x109/0x3a0\n    ath11k_regd_update+0x1cf/0x350 [ath11k]\n    ath11k_regd_update_work+0x14/0x20 [ath11k]\n    process_one_work+0xe35/0x14c0\n\nShould ensure step 2 is completely done before executing step 3. Thus\nWen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set,\ncfg80211 will notify ath11k after step 2 is done.\n\nSo enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will\nnotify ath11k after step 2 is done. At this time, there will be no\nKASAN bug during the execution of the step 3.\n\n[1] https://patchwork.kernel.org/project/linux-wireless/patch/20230201065313.27203-1-quic_wgong@quicinc.com/\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3\n\ud83d\udccf Published: 2025-04-16T14:13:14.485Z\n\ud83d\udccf Modified: 2025-05-04T13:07:06.636Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/f952fb83c9c6f908d27500764c4aee1df04b9d3f\n2. https://git.kernel.org/stable/c/933ab187e679e6fbdeea1835ae39efcc59c022d2", "creation_timestamp": "2025-05-04T13:18:44.000000Z"}, {"uuid": "50a377b6-bf6d-433b-9d6d-b8a3d2659ad4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23133", "type": "seen", "source": "https://t.me/cvedetector/23115", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-23133 - Ath11k Linux Kernel Out-of-Bounds Write Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-23133 \nPublished : April 16, 2025, 3:16 p.m. | 23\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nwifi: ath11k: update channel list in reg notifier instead reg worker  \n  \nCurrently when ath11k gets a new channel list, it will be processed  \naccording to the following steps:  \n1. update new channel list to cfg80211 and queue reg_work.  \n2. cfg80211 handles new channel list during reg_work.  \n3. update cfg80211's handled channel list to firmware by  \nath11k_reg_update_chan_list().  \n  \nBut ath11k will immediately execute step 3 after reg_work is just  \nqueued. Since step 2 is asynchronous, cfg80211 may not have completed  \nhandling the new channel list, which may leading to an out-of-bounds  \nwrite error:  \nBUG: KASAN: slab-out-of-bounds in ath11k_reg_update_chan_list  \nCall Trace:  \n    ath11k_reg_update_chan_list+0xbfe/0xfe0 [ath11k]  \n    kfree+0x109/0x3a0  \n    ath11k_regd_update+0x1cf/0x350 [ath11k]  \n    ath11k_regd_update_work+0x14/0x20 [ath11k]  \n    process_one_work+0xe35/0x14c0  \n  \nShould ensure step 2 is completely done before executing step 3. Thus  \nWen raised patch[1]. When flag NL80211_REGDOM_SET_BY_DRIVER is set,  \ncfg80211 will notify ath11k after step 2 is done.  \n  \nSo enable the flag NL80211_REGDOM_SET_BY_DRIVER then cfg80211 will  \nnotify ath11k after step 2 is done. At this time, there will be no  \nKASAN bug during the execution of the step 3.  \n  \n[1]   \n  \nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-16T17:43:37.000000Z"}, {"uuid": "3d9a89f7-7877-481a-ad43-f2316c33bacf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23133", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}]}