
CVE-2025-37743: Vulnerability in Linux (Linux kernel)

Medium
Published: Thu May 01 2025 (05/01/2025, 12:55:51 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: Avoid memory leak while enabling statistics

Driver uses monitor destination rings for extended statistics mode and standalone monitor mode. In extended statistics mode, TLVs are parsed from the buffer received from the monitor destination ring and assigned to the ppdu_info structure to update per-packet statistics. In standalone monitor mode, along with per-packet statistics, the packet data (payload) is captured, and the driver updates per MSDU to mac80211.

When the AP interface is enabled, only extended statistics mode is activated. As part of enabling monitor rings for collecting statistics, the driver subscribes to HAL_RX_MPDU_START TLV in the filter configuration. This TLV is received from the monitor destination ring, and kzalloc for the mon_mpdu object occurs, which is not freed, leading to a memory leak. The kzalloc for the mon_mpdu object is only required while enabling the standalone monitor interface. This causes a memory leak while enabling extended statistics mode in the driver.

Fix this memory leak by removing the kzalloc for the mon_mpdu object in the HAL_RX_MPDU_START TLV handling. Additionally, remove the standalone monitor mode handlings in the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs. These TLV tags will be handled properly when enabling standalone monitor mode in the future.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.3.1-00173-QCAHKSWPL_SILICONZ-1
Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3

AI-Powered Analysis

AI Last updated: 07/03/2025, 22:26:33 UTC

Technical Analysis

CVE-2025-37743 is a memory leak vulnerability in the Linux kernel's ath12k wireless driver, which supports Qualcomm Atheros Wi-Fi chipsets. The flaw arises from improper memory management in the driver's handling of the monitor destination rings used for extended statistics mode. Specifically, when the Access Point (AP) interface is enabled, the driver activates extended statistics mode and subscribes to the HAL_RX_MPDU_START TLV (Type-Length-Value) in the filter configuration. Each time this TLV arrives from the monitor destination ring, the driver allocates a mon_mpdu object with kzalloc but never frees it, so memory is lost on every such TLV. This allocation is only needed in standalone monitor mode, which is not active in extended statistics mode, so the allocation is both unnecessary and unreleased. Standalone monitor mode itself is not affected, since its TLV handling is separate. The fix removes the kzalloc call for the mon_mpdu object from the HAL_RX_MPDU_START TLV handling and drops the standalone monitor mode handling from the HAL_MON_BUF_ADDR and HAL_RX_MSDU_END TLVs, deferring that handling to future work. The fix was tested on specific hardware (QCN9274 hw2.0 and WCN7850 hw2.0) with the firmware builds listed in the description. No exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is specific to Linux kernel versions incorporating the affected ath12k driver code and therefore to systems using these Qualcomm Atheros Wi-Fi chipsets.

Potential Impact

For European organizations, this vulnerability could lead to gradual memory exhaustion on affected Linux systems using the ath12k driver in AP mode with extended statistics enabled. While it does not directly allow code execution or privilege escalation, the memory leak can degrade system stability and availability over time, potentially causing service interruptions or crashes in critical network infrastructure such as wireless access points, routers, or embedded devices running Linux. This could impact enterprises, ISPs, and public institutions relying on Linux-based wireless networking equipment. The leak might also complicate forensic or monitoring activities due to corrupted or incomplete statistics data. Although exploitation requires specific driver usage scenarios and does not involve user interaction or authentication, the widespread deployment of Linux and Qualcomm Atheros chipsets in Europe means that many organizations could be affected if patches are not applied promptly. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks leveraging this vulnerability to cause denial-of-service conditions.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernel versions to include the patch that removes the unnecessary kzalloc call in the ath12k driver. Since the vulnerability is specific to certain Qualcomm Atheros chipsets, organizations should inventory their hardware to identify affected devices. For embedded or specialized devices where kernel updates are not straightforward, consider disabling extended statistics mode or the AP interface temporarily if feasible to mitigate memory leak risks. Network administrators should monitor system memory usage on wireless infrastructure for abnormal increases that could indicate exploitation attempts. Additionally, vendors and integrators should be engaged to ensure firmware and driver updates are deployed promptly. Implementing robust system monitoring and alerting for memory leaks and crashes in wireless networking components will help detect exploitation attempts early. Finally, organizations should maintain up-to-date backups and incident response plans to address potential service disruptions caused by this vulnerability.
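As an added illustration of the memory-monitoring recommendation above (example code written for this page, not part of the advisory or of the ath12k driver): a kzalloc'd kernel object that is never freed accumulates in slab caches, so a driver leak of this kind shows up as steady growth in SUnreclaim in /proc/meminfo rather than in any user-space process. The script parses meminfo snapshots and flags sustained slab growth; the sampling interval, alert threshold and sample data are constructed assumptions.

```python
import re
from pathlib import Path

# Leaked kzalloc objects live in slab caches, so SUnreclaim (unreclaimable
# slab) is the field that grows; MemAvailable and process RSS give no hint.
METRIC = "SUnreclaim"

def parse_meminfo(text):
    """Parse /proc/meminfo-style text into a {field: kB} dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s+(\d+)(?:\s+kB)?\s*$", line.strip())
        if m:
            fields[m.group(1)] = int(m.group(2))
    return fields

def read_meminfo(path="/proc/meminfo"):
    """Read and parse the live file (only meaningful on a Linux host)."""
    return parse_meminfo(Path(path).read_text())

def assess_slab_growth(samples, interval_s, threshold_kb_per_h=8192):
    """samples: parsed meminfo dicts captured interval_s seconds apart.
    Flags a suspected kernel leak when SUnreclaim rises in every interval
    and the average growth rate exceeds threshold_kb_per_h (assumed value;
    tune it to the baseline churn of the device being watched)."""
    values = [s[METRIC] for s in samples]
    if len(values) < 3:
        raise ValueError("need at least 3 samples to judge a trend")
    deltas = [b - a for a, b in zip(values, values[1:])]
    hours = interval_s * (len(values) - 1) / 3600.0
    rate = (values[-1] - values[0]) / hours
    monotonic = all(d > 0 for d in deltas)
    return {"rate_kb_per_h": rate, "monotonic": monotonic,
            "suspect": monotonic and rate > threshold_kb_per_h}

def _fake_meminfo(sunreclaim_kb):
    """Constructed /proc/meminfo excerpt for offline demonstration."""
    return (f"MemTotal:        8000000 kB\nMemAvailable:    5000000 kB\n"
            f"Slab:            {sunreclaim_kb + 200000} kB\n"
            f"SUnreclaim:      {sunreclaim_kb} kB\n")

# Constructed 10-minute samples: one host leaking ~6 MB per interval, one
# whose slab usage only jitters around a stable baseline.
LEAKING = [parse_meminfo(_fake_meminfo(300000 + 6000 * i)) for i in range(6)]
STEADY = [parse_meminfo(_fake_meminfo(300000 + (i % 2) * 500)) for i in range(6)]

if __name__ == "__main__":
    for name, s in (("leaking", LEAKING), ("steady", STEADY)):
        print(name, assess_slab_growth(s, interval_s=600))
```

On a suspect host, /proc/slabinfo (or CONFIG_DEBUG_KMEMLEAK where the kernel has it built in) narrows the growth down to a specific cache before attributing it to a driver.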


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2025-04-16T04:51:23.936Z
Cisa Enriched
false
Cvss Version
null
State
PUBLISHED

Threat ID: 682d9819c4522896dcbd84a7

Added to database: 5/21/2025, 9:08:41 AM

Last enriched: 7/3/2025, 10:26:33 PM

Last updated: 7/31/2025, 5:33:14 AM

