CVE-2025-37976: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2025-37976) was discovered in the Linux kernel's wifi component, specifically in the ath12k driver, affecting the ath12kdpmonsrngprocess functionality. The issue was disclosed on May 20, 2025, and impacts systems using the QCN9274 hw2.0 and WCN7850 hw2.0 wireless hardware (Kernel Git, Wiz).

The vulnerability stems from an incorrect implementation in the ath12kdpmonsrngprocess function, which erroneously uses ath12khalsrngsrcgetnextentry to fetch entries from a destination ring instead of using the appropriate destination ring function. This misuse leads to invalid entry fetches, as source rings and destination rings have different handling mechanisms. The incorrect pointer arithmetic and ring management can result in accessing incorrect memory locations. The vulnerability has been assigned a CVSS 3.1 score of 7.0 (MEDIUM) with the vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Red Hat).

The vulnerability can cause potential data corruption or system crashes due to invalid memory accesses when processing entries in the wireless monitoring functionality (Wiz).

The issue has been resolved by replacing the call to ath12khalsrngsrcgetnextentry with ath12khalsrngdstgetnextentry in the ath12kdpmonsrngprocess function. This fix ensures proper handling of destination ring entries and prevents invalid memory accesses. The fix has been tested on QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPLSILICONZ-1 and WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPLV1.0V2.0SILICONZ-3 (Wiz).