{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21909","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.786Z","datePublished":"2025-04-01T15:40:48.680Z","dateUpdated":"2026-05-11T21:08:52.502Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:08:52.502Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject cooked mode if it is set along with other flags\n\nIt is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE\nflags simultaneously on the same monitor interface from the userspace. This\ncauses a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit\nset because the monitor interface is in the cooked state and it takes\nprecedence over all other states. When the interface is then being deleted\nthe kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing\nthat bit.\n\nFix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with\nother flags.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/wireless/nl80211.c"],"versions":[{"version":"66f7ac50ed7cc5c19a62bc97e8f6e7891004a03a","lessThan":"5ea856d93794c4afa5542defd8c61f2708dc245a","status":"affected","versionType":"git"},{"version":"66f7ac50ed7cc5c19a62bc97e8f6e7891004a03a","lessThan":"351eb7ac53ff1cd94d893c0c4534ced2f36ae7d7","status":"affected","versionType":"git"},{"version":"66f7ac50ed7cc5c19a62bc97e8f6e7891004a03a","lessThan":"cd1bdcb77fdc03c253137e55bae10551b3481461","status":"affected","versionType":"git"},{"version":"66f7ac50ed7cc5c19a62bc97e8f6e7891004a03a","lessThan":"236f41ca728f23210b31ed2d1d8a6df575a4b2d6","status":"affected","versionType":"git"},{"version":"66f7ac50ed7cc5c19a62bc97e8f6e7891004a03a","lessThan":"ebebbb0eded2ed9a1abfa31962f6fb699e6abce7","status":"affected","versionType":"git"},{"version":"66f7ac50ed7cc5c19a62bc97e8f6e7891004a03a","lessThan":"521e55c2b0d6028861ac0a2d06aa57bb0e3ac486","status":"affected","versionType":"git"},{"version":"66f7ac50ed7cc5c19a62bc97e8f6e7891004a03a","lessThan":"ac4860141300581d3e2f6c6dafa37220f7ea9f65","status":"affected","versionType":"git"},{"version":"66f7ac50ed7cc5c19a62bc97e8f6e7891004a03a","lessThan":"49f27f29446a5bfe633dd2cc0cfebd48a1a5e77f","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/wireless/nl80211.c"],"versions":[{"version":"2.6.26","status":"affected"},{"version":"0","lessThan":"2.6.26","status":"unaffected","versionType":"semver"},{"version":"5.4.291","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.235","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.179","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.131","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.83","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.19","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.7","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.4.291"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.10.235"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"5.15.179"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.1.131"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.6.83"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.12.19"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.13.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.26","versionEndExcluding":"6.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5ea856d93794c4afa5542defd8c61f2708dc245a"},{"url":"https://git.kernel.org/stable/c/351eb7ac53ff1cd94d893c0c4534ced2f36ae7d7"},{"url":"https://git.kernel.org/stable/c/cd1bdcb77fdc03c253137e55bae10551b3481461"},{"url":"https://git.kernel.org/stable/c/236f41ca728f23210b31ed2d1d8a6df575a4b2d6"},{"url":"https://git.kernel.org/stable/c/ebebbb0eded2ed9a1abfa31962f6fb699e6abce7"},{"url":"https://git.kernel.org/stable/c/521e55c2b0d6028861ac0a2d06aa57bb0e3ac486"},{"url":"https://git.kernel.org/stable/c/ac4860141300581d3e2f6c6dafa37220f7ea9f65"},{"url":"https://git.kernel.org/stable/c/49f27f29446a5bfe633dd2cc0cfebd48a1a5e77f"}],"title":"wifi: nl80211: reject cooked mode if it is set along with other flags","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:38:54.220Z"}}]}}