CVE-2025-37976
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 20/05/2025
Last modified: 21/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process

[ Upstream commit 63fdc4509bcf483e79548de6bc08bf3c8e504bb3 ]

Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry
to fetch the next entry from the destination ring. This is incorrect because
ath12k_hal_srng_src_get_next_entry is intended for source rings, not destination
rings. This leads to invalid entry fetches, causing potential data corruption or
crashes due to accessing incorrect memory locations. This happens because the
source ring and destination ring have different handling mechanisms and using
the wrong function results in incorrect pointer arithmetic and ring management.

To fix this issue, replace the call to ath12k_hal_srng_src_get_next_entry with
ath12k_hal_srng_dst_get_next_entry in ath12k_dp_mon_srng_process. This ensures
that the correct function is used for fetching entries from the destination
ring, preventing invalid memory accesses.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1
Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3
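
The source-versus-destination mix-up described in the commit message, shown as an added example that is not taken from the kernel patch or from this advisory: a simplified user-space model in which the ring layout and every name (struct ring, src_get_next_entry, dst_get_next_entry, first_fetch) are assumptions. It runs both accessors against the same constructed destination ring holding three completed entries.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model; names and layout are hypothetical, not ath12k's. */
#define RING_SLOTS 8
struct ring {
    uint32_t slots[RING_SLOTS];
    uint32_t hp; /* head: where the producer writes next */
    uint32_t tp; /* tail: where the consumer reads next  */
};
typedef uint32_t *(*get_fn)(struct ring *);

/* Source ring (host produces): hand out the free slot at hp, NULL when full. */
static uint32_t *src_get_next_entry(struct ring *r)
{
    uint32_t next_hp = (r->hp + 1) % RING_SLOTS;
    if (next_hp == r->tp)
        return NULL;
    uint32_t *e = &r->slots[r->hp];
    r->hp = next_hp;
    return e;
}

/* Destination ring (host consumes): return the entry at tp, NULL when empty. */
static uint32_t *dst_get_next_entry(struct ring *r)
{
    if (r->tp == r->hp)
        return NULL;
    uint32_t *e = &r->slots[r->tp];
    r->tp = (r->tp + 1) % RING_SLOTS;
    return e;
}

struct fetch { uint32_t value, hp, tp; };
/* Constructed input: a destination ring where the device completed 3 entries
 * (101..103), so the device-owned head is 3 and the host-owned tail is 0. */
static struct fetch first_fetch(get_fn get)
{
    struct ring r = { { 101, 102, 103 }, 3, 0 };
    uint32_t *e = get(&r);
    return (struct fetch){ e ? *e : UINT32_MAX, r.hp, r.tp };
}

int main(void)
{
    struct fetch bad = first_fetch(src_get_next_entry), good = first_fetch(dst_get_next_entry);
    printf("src: value=%u hp=%u | dst: value=%u tp=%u\n", bad.value, bad.hp, good.value, good.tp);
    return 0;
}
```

In this model the source-ring accessor returns the unwritten slot at the head index and advances the head that the device owns, while the completed entries are never consumed. The destination-ring accessor returns the first completed entry and advances only the host-owned tail.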