CVE-2025-68380

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: ath11k: fix peer HE MCS assignment<br /> <br /> In ath11k_wmi_send_peer_assoc_cmd(), peer&amp;#39;s transmit MCS is sent to<br /> firmware as receive MCS while peer&amp;#39;s receive MCS sent as transmit MCS,<br /> which goes against firmwire&amp;#39;s definition.<br /> <br /> While connecting to a misbehaved AP that advertises 0xffff (meaning not<br /> supported) for 160 MHz transmit MCS map, firmware crashes due to 0xffff<br /> is assigned to he_mcs-&gt;rx_mcs_set field.<br /> <br /> Ext Tag: HE Capabilities<br /> [...]<br /> Supported HE-MCS and NSS Set<br /> [...]<br /> Rx and Tx MCS Maps 160 MHz<br /> [...]<br /> Tx HE-MCS Map 160 MHz: 0xffff<br /> <br /> Swap the assignment to fix this issue.<br /> <br /> As the HE rate control mask is meant to limit our own transmit MCS, it<br /> needs to go via he_mcs-&gt;rx_mcs_set field. With the aforementioned swapping<br /> done, change is needed as well to apply it to the peer&amp;#39;s receive MCS.<br /> <br /> Tested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41<br /> Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1