CVE-2025-38290: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability in the Linux kernel's WLAN recovery code flow has been identified and tracked as CVE-2025-38290. The issue specifically affects the ath12k driver's handling of the 'arvifs' list head during WLAN recovery operations. The vulnerability was discovered and disclosed on July 10, 2025, affecting Linux kernel systems using the ath12k wireless driver (NVD CVE).

The vulnerability stems from the ath12kcorehalt() function only reinitializing the 'arvifs' list head, which causes corruption in the list node immediately following it. The issue manifests when the next pointer of the list head no longer points to the correct list node, while the previous pointer of that node still points to the list head. This condition can trigger a kernel panic when a WLAN recovery occurs during vif removal execution, specifically before the spinlockbh(&ar->datalock) in ath12kmacvdevdelete(). The vulnerability has been confirmed on QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1 systems (Debian Tracker).

When exploited, this vulnerability can cause a kernel panic in affected Linux systems, potentially leading to system crashes and denial of service conditions. The issue specifically impacts systems using the ath12k wireless driver during WLAN recovery operations (NVD CVE).

The fix involves modifying the WLAN halt process to remove and reinitialize all vif list nodes from the list head 'arvifs'. This ensures that the list nodes remain valid and that listdel() in ath12kmacvdevdelete() can execute normally. The patch is based on a similar fix implemented for ath11k (Debian Tracker).