CVE-2025-38343
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-18
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves the Linux kernel's handling of WiFi fragmentation in the mt76 driver for the mt7996 chipset. Specifically, the kernel incorrectly allowed IEEE 802.11 fragmentation to be applied to multicast or broadcast frames, which is not compliant with the standard that only permits fragmentation for unicast frames. The vulnerability is addressed by dropping fragments with multicast or broadcast receiver addresses (RA), preventing potential exploitation.
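The check described in this answer, sketched as a stand-alone C function over a raw 802.11 MAC header. This is an added illustration, not the mt76 driver's code: the function names, constant names and verdict enum are hypothetical, and the sample frames are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bit masks from the 802.11 MAC header layout; names are illustrative. */
#define FCTL_FTYPE     0x000c  /* Frame Control: frame type */
#define FTYPE_CTL      0x0004  /* control frames have no Sequence Control */
#define FCTL_MOREFRAGS 0x0400  /* Frame Control: More Fragments */
#define SCTL_FRAG      0x000f  /* Sequence Control: fragment number */
#define HDR_LEN        24      /* FC, duration, addr1..3, Sequence Control */

enum rx_verdict { RX_ACCEPT, RX_DROP_GROUP_FRAG, RX_DROP_SHORT };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Hypothetical receive-path check: drop any fragment whose RA is group-addressed. */
enum rx_verdict check_rx_frame(const uint8_t *f, size_t len)
{
    if (len < 2)
        return RX_DROP_SHORT;
    uint16_t fc = le16(f);
    if ((fc & FCTL_FTYPE) == FTYPE_CTL)
        return RX_ACCEPT;               /* nothing to fragment */
    if (len < HDR_LEN)
        return RX_DROP_SHORT;           /* header truncated, cannot classify */
    int group_ra = f[4] & 0x01;         /* I/G bit of addr1 (RA) */
    int fragment = (fc & FCTL_MOREFRAGS) || (le16(f + 22) & SCTL_FRAG);
    return (group_ra && fragment) ? RX_DROP_GROUP_FRAG : RX_ACCEPT;
}

/* Constructed sample: data/management header with every RA octet set to ra_octet. */
enum rx_verdict sample_verdict(uint16_t fc, uint8_t ra_octet, uint16_t sc)
{
    uint8_t f[HDR_LEN] = {0};
    f[0] = fc & 0xff;  f[1] = fc >> 8;
    memset(f + 4, ra_octet, 6);
    f[22] = sc & 0xff; f[23] = sc >> 8;
    return check_rx_frame(f, sizeof(f));
}

int main(void)
{
    printf("unicast, first fragment:   %d\n", sample_verdict(0x0408, 0x02, 0x0050));
    printf("broadcast, first fragment: %d\n", sample_verdict(0x0408, 0xff, 0x0050));
    printf("multicast, last fragment:  %d\n", sample_verdict(0x0008, 0x01, 0x0051));
    printf("broadcast, unfragmented:   %d\n", sample_verdict(0x0008, 0xff, 0x0050));
    return 0;
}
```

The last fragment of a sequence has More Fragments cleared, so the check also looks at the fragment number in Sequence Control rather than the flag alone.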
How can this vulnerability impact me?
If exploited, this vulnerability could allow attackers to misuse fragmented multicast or broadcast frames, potentially leading to security issues such as denial of service or unauthorized network behavior. By dropping such fragments, the patch prevents these risks, improving the security and stability of the affected WiFi functionality.