CVE-2025-39746: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-39746 is a vulnerability in the Linux kernel's ath10k WiFi driver, discovered and disclosed on September 11, 2025. The vulnerability affects systems using the QCA6174 hardware with the ath10k PCIe driver (NVD).

The vulnerability occurs when the ath10k driver loses connection with the PCIe bus due to unknown reasons, which can lead to system crashes during resume operations due to watchdog timeout. The issue manifests when WMI commands timeout and attempt to restart the device repeatedly. The vulnerability has been assigned a CVSS v3 Base Score of 7 (High) by Red Hat, with Local attack vector and High attack complexity (Snyk).

When exploited, this vulnerability can result in system crashes during resume operations, causing complete system unavailability. The issue specifically affects systems using the QCA6174 hw3.2 PCI WLAN hardware with firmware version WLAN.RM.4.4.1-00288-QCARMSWPZ-1 (NVD).

The vulnerability has been resolved by implementing a threshold for consecutive restart failures. When this threshold is exceeded, the system considers the hardware unreliable and skips all ath10k operations to prevent system crashes. The fix uses atomic variables (failcontcount and pending_recovery) to ensure the recovery mechanism remains stable even during concurrent operations (NVD).