CVE-2025-37744: Vulnerability in Linux Linux

Medium
Published: Thu May 01 2025 (05/01/2025, 12:55:51 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix memory leak in ath12k_pci_remove()

Kmemleak reported this error:

    unreferenced object 0xffff1c165cec3060 (size 32):
      comm "insmod", pid 560, jiffies 4296964570 (age 235.596s)
      backtrace:
        [<000000005434db68>] __kmem_cache_alloc_node+0x1f4/0x2c0
        [<000000001203b155>] kmalloc_trace+0x40/0x88
        [<0000000028adc9c8>] _request_firmware+0xb8/0x608
        [<00000000cad1aef7>] firmware_request_nowarn+0x50/0x80
        [<000000005011a682>] local_pci_probe+0x48/0xd0
        [<00000000077cd295>] pci_device_probe+0xb4/0x200
        [<0000000087184c94>] really_probe+0x150/0x2c0

The firmware memory was allocated in ath12k_pci_probe(), but not freed in ath12k_pci_remove() in case ATH12K_FLAG_QMI_FAIL bit is set. So call ath12k_fw_unmap() to free the memory.

Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.2.0-02280-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1

AI-Powered Analysis

Last updated: 07/03/2025, 22:26:44 UTC

Technical Analysis

CVE-2025-37744 is a vulnerability identified in the Linux kernel specifically affecting the ath12k PCI wireless driver, which supports certain Qualcomm Atheros Wi-Fi chipsets such as the WCN7850 hardware. The issue is a memory leak occurring in the ath12k_pci_remove() function. During the device removal process, if the ATH12K_FLAG_QMI_FAIL bit is set, the allocated firmware memory is not properly freed because the function ath12k_fw_unmap() is not called. This leads to unreferenced memory objects remaining allocated, as detected by the kernel's kmemleak tool. The memory leak originates from the firmware allocation in ath12k_pci_probe() but lacks corresponding deallocation in the removal path under specific failure conditions. While this vulnerability does not appear to have an associated CVSS score yet and no known exploits are reported in the wild, it represents a resource management flaw in a critical kernel driver component related to wireless networking. The vulnerability was tested on the WCN7850 hw2.0 PCI WLAN hardware, indicating it affects devices using this hardware or similar Qualcomm Atheros chipsets supported by the ath12k driver. The leak could potentially degrade system stability or performance over time due to unreleased memory consumption, especially in environments where devices are frequently added and removed or where the failure condition triggering the leak occurs often.
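The asymmetry described above, as an added example that is not code from the kernel, the ath12k driver or this page: a user-space C model in which a buffer obtained at probe time is skipped on the failure path of remove, beside the corrected form. The model_* names, the flag's bit value and the early-return shape of the unfixed path are assumptions; only the ATH12K_FLAG_QMI_FAIL name and the 32-byte object size come from the description.

```c
/* User-space model of the probe/remove asymmetry; not kernel or driver code. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#define ATH12K_FLAG_QMI_FAIL (1u << 0) /* name from the advisory; bit value assumed */
struct model_dev {        /* hypothetical stand-in for the driver's device state */
    unsigned int flags;
    void *fw;             /* firmware buffer obtained during probe */
};

static int model_probe(struct model_dev *d) {
    d->flags = 0;
    d->fw = malloc(32);   /* 32 bytes: the size of the object kmemleak reported */
    return d->fw ? 0 : -1;
}

static void model_fw_unmap(struct model_dev *d) {
    free(d->fw);
    d->fw = NULL;
}

/* Before the fix (assumed shape): the QMI-failure path exits without unmapping. */
static void model_remove_leaky(struct model_dev *d) {
    if (d->flags & ATH12K_FLAG_QMI_FAIL)
        return;
    model_fw_unmap(d);
}

/* After the fix: the firmware buffer is released on both paths. */
static void model_remove_fixed(struct model_dev *d) {
    model_fw_unmap(d);
}

/* Run n probe/remove cycles; count buffers still allocated after remove. */
static int leaked_after_cycles(int n, bool qmi_fail, void (*remove_fn)(struct model_dev *)) {
    int leaked = 0;
    for (int i = 0; i < n; i++) {
        struct model_dev d;
        if (model_probe(&d) != 0) break;
        if (qmi_fail) d.flags |= ATH12K_FLAG_QMI_FAIL;
        remove_fn(&d);
        if (d.fw) { leaked++; free(d.fw); } /* freed here only to keep the model clean */
    }
    return leaked;
}

int main(void) {
    printf("leaky: %d, fixed: %d\n", leaked_after_cycles(100, true, model_remove_leaky),
           leaked_after_cycles(100, true, model_remove_fixed));
    return 0;
}
```

In the model, every remove taken with the failure flag set strands one buffer, which is why repeated load/unload cycles are what make the leak accumulate.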

Potential Impact

For European organizations, the impact of this vulnerability primarily concerns systems running Linux kernels with the affected ath12k wireless driver, particularly those using Qualcomm Atheros WCN7850 or similar chipsets. The memory leak could lead to gradual resource exhaustion, causing system instability, degraded performance, or potential denial of service conditions in critical network infrastructure or endpoint devices. This is especially relevant for enterprises relying on Linux-based wireless access points, embedded devices, or servers with PCI Wi-Fi cards using the affected hardware. While the vulnerability does not directly enable code execution or privilege escalation, the resulting instability could disrupt business operations, particularly in sectors with high availability requirements such as finance, telecommunications, and critical infrastructure. Additionally, the leak could complicate forensic analysis or incident response by masking other issues or causing unpredictable system behavior. Since no known exploits exist yet, the immediate risk is moderate, but the vulnerability should be addressed promptly to prevent potential escalation or exploitation in the future.

Mitigation Recommendations

European organizations should take the following specific mitigation steps:

1) Identify and inventory Linux systems using the ath12k driver with Qualcomm Atheros WCN7850 or related chipsets.
2) Apply the official Linux kernel patches that fix the memory leak in ath12k_pci_remove() as soon as they become available, or upgrade to a kernel version that includes this fix.
3) Monitor system logs and use kernel memory leak detection tools like kmemleak to detect any anomalous memory usage patterns related to wireless device removal.
4) Limit frequent hot-plugging or removal of affected PCI wireless devices until patched to reduce the risk of memory leaks accumulating.
5) For embedded or specialized devices, coordinate with hardware vendors or Linux distribution maintainers to ensure timely deployment of patches.
6) Implement robust system monitoring and alerting to detect early signs of resource exhaustion or instability potentially linked to this vulnerability.
7) Maintain a comprehensive asset management process to track affected hardware and software versions across the organization.

These targeted steps go beyond generic advice by focusing on the specific driver, hardware, and operational contexts relevant to this vulnerability.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-04-16T04:51:23.936Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9819c4522896dcbd84ba

Added to database: 5/21/2025, 9:08:41 AM

Last enriched: 7/3/2025, 10:26:44 PM

Last updated: 8/18/2025, 7:27:09 PM
