{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-38512","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T04:51:24.022Z","datePublished":"2025-08-16T10:54:54.285Z","dateUpdated":"2026-05-11T21:29:27.210Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:29:27.210Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: prevent A-MSDU attacks in mesh networks\n\nThis patch is a mitigation to prevent the A-MSDU spoofing vulnerability\nfor mesh networks. The initial update to the IEEE 802.11 standard, in\nresponse to the FragAttacks, missed this case (CVE-2025-27558). It can\nbe considered a variant of CVE-2020-24588 but for mesh networks.\n\nThis patch tries to detect if a standard MSDU was turned into an A-MSDU\nby an adversary. This is done by parsing a received A-MSDU as a standard\nMSDU, calculating the length of the Mesh Control header, and seeing if\nthe 6 bytes after this header equal the start of an rfc1042 header. If\nequal, this is a strong indication of an ongoing attack attempt.\n\nThis defense was tested with mac80211_hwsim against a mesh network that\nuses an empty Mesh Address Extension field, i.e., when four addresses\nare used, and when using a 12-byte Mesh Address Extension field, i.e.,\nwhen six addresses are used. Functionality of normal MSDUs and A-MSDUs\nwas also tested, and confirmed working, when using both an empty and\n12-byte Mesh Address Extension field.\n\nIt was also tested with mac80211_hwsim that A-MSDU attacks in non-mesh\nnetworks keep being detected and prevented.\n\nNote that the vulnerability being patched, and the defense being\nimplemented, was also discussed in the following paper and in the\nfollowing IEEE 802.11 presentation:\n\nhttps://papers.mathyvanhoef.com/wisec2025.pdf\nhttps://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/wireless/util.c"],"versions":[{"version":"79720743421753ff72bfa0d79976c534645b81c1","lessThan":"e2c8a3c0388aef6bfc4aabfba07bc7dff16eea80","status":"affected","versionType":"git"},{"version":"986e43b19ae9176093da35e0a844e65c8bf9ede7","lessThan":"ec6392061de6681148b63ee6c8744da833498cdd","status":"affected","versionType":"git"},{"version":"986e43b19ae9176093da35e0a844e65c8bf9ede7","lessThan":"e01851f6e9a665a6011b14714b271d3e6b0b8d32","status":"affected","versionType":"git"},{"version":"986e43b19ae9176093da35e0a844e65c8bf9ede7","lessThan":"6e3b09402cc6c3e3474fa548e8adf6897dda05de","status":"affected","versionType":"git"},{"version":"986e43b19ae9176093da35e0a844e65c8bf9ede7","lessThan":"737bb912ebbe4571195c56eba557c4d7315b26fb","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/wireless/util.c"],"versions":[{"version":"6.3","status":"affected"},{"version":"0","lessThan":"6.3","status":"unaffected","versionType":"semver"},{"version":"6.1.146","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.99","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.39","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.15.7","lessThanOrEqual":"6.15.*","status":"unaffected","versionType":"semver"},{"version":"6.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.107","versionEndExcluding":"6.1.146"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.6.99"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.12.39"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.15.7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3","versionEndExcluding":"6.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e2c8a3c0388aef6bfc4aabfba07bc7dff16eea80"},{"url":"https://git.kernel.org/stable/c/ec6392061de6681148b63ee6c8744da833498cdd"},{"url":"https://git.kernel.org/stable/c/e01851f6e9a665a6011b14714b271d3e6b0b8d32"},{"url":"https://git.kernel.org/stable/c/6e3b09402cc6c3e3474fa548e8adf6897dda05de"},{"url":"https://git.kernel.org/stable/c/737bb912ebbe4571195c56eba557c4d7315b26fb"}],"title":"wifi: prevent A-MSDU attacks in mesh networks","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:39:14.400Z"}}]}}