CVE-2025-23133: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-23133 is a vulnerability discovered in the Linux kernel's ath11k WiFi driver, disclosed on April 16, 2025. The vulnerability affects the channel list update process in the driver's regulatory domain handling mechanism. This issue specifically impacts systems using the ath11k wireless driver, particularly those with WCN6855 hardware (NVD, Debian Tracker).

The vulnerability stems from an asynchronous processing issue in the ath11k driver's channel list update mechanism. The process follows three steps: 1) updating new channel list to cfg80211 and queuing regwork, 2) cfg80211 handling the channel list during regwork, and 3) updating cfg80211's handled channel list to firmware. The bug occurs because step 3 executes immediately after reg_work is queued, without waiting for step 2 to complete, potentially leading to an out-of-bounds write error. The vulnerability has been assigned a CVSS v3.1 score of 6.0 with vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H (Red Hat XML).

The vulnerability results in a slab-out-of-bounds condition in the ath11kregupdatechanlist function, which could lead to memory corruption. This is evidenced by KASAN (Kernel Address Sanitizer) detecting out-of-bounds access during the channel list update process (NVD).

A fix has been implemented by enabling the NL80211REGDOMSETBYDRIVER flag, which ensures cfg80211 notifies ath11k after the channel list handling is complete. This modification prevents the KASAN bug during step 3 execution. The patch has been tested and verified on WCN6855 hardware (Debian Tracker).