CVE-2025-38293: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability was discovered in the Linux kernel's WLAN recovery code flow, identified as CVE-2025-38293. The issue affects the ath11k driver's handling of the 'arvifs' list during WLAN recovery operations. This vulnerability was disclosed on July 10, 2025, and affects Linux kernel systems using the ath11k WLAN driver (NVD).

The vulnerability occurs in the ath11kcorehalt() function which only reinitializes the 'arvifs' list head. This causes the list node immediately following the list head to become invalid, as the prev pointer of that node still points to the list head 'arvifs', but the next pointer of the list head 'arvifs' no longer points to that list node. The issue manifests when a WLAN recovery occurs during the execution of a vif removal, specifically before the spinlockbh(&ar->datalock) in ath11kmacopremoveinterface(). The vulnerability was tested on QCA6698AQ hw2.1 PCI WLAN.HSP.1.1-04591-QCAHSPSWPLV1V2SILICONZ_IOE-1 hardware (CVE).

When triggered, the vulnerability causes list_del() to detect the inconsistent list state, resulting in a kernel panic. This can lead to system instability and denial of service conditions (NVD).

The fix involves modifying the WLAN halt procedure to remove and reinitialize all vif list nodes from the list head 'arvifs'. This reinitialization ensures that the list nodes remain valid, allowing listdel() in ath11kmacopremove_interface() to execute normally (NVD).