Impact
The ath11k Wi‑Fi driver in the Linux kernel contains a defect where memory allocated for beacon templates within ath11k_mac_setup_bcn_tmpl_ema() and ath11k_mac_setup_bcn_tmpl_mbssid() is not released when setup fails. This oversight causes a memory leak that can gradually exhaust kernel heap space, potentially degrading system performance or triggering out‑of‑memory conditions.
Affected Systems
The flaw resides in the ath11k driver component of the Linux kernel. Any system running a kernel version that includes the buggy beacon‑template logic is susceptible, including older mainline or custom builds that have not applied the recent patch commit. The CVE references a patch in the upstream kernel sources but no specific kernel version was listed in the advisory.
Risk and Exploitability
EPSS indicates that exploitation is unlikely, with a score less than 1%. The CVSS score of 5.5 reflects moderate severity. No known exploitation is currently reported and the CVE is not listed in the CISA KEV catalog. The memory leak can be triggered when beacon template setup fails; repeated failures may exhaust kernel memory, potentially causing out‑of‑memory conditions or system instability. While the vulnerability does not enable code execution, the resulting denial of service could affect availability of the system, particularly in long‑running deployments or those with high Wi‑Fi traffic.
OpenCVE Enrichment