CVE-2025-38512
BaseFortify

Publication date: 2025-08-16

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: prevent A-MSDU attacks in mesh networks

This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this case (CVE-2025-27558). It can be considered a variant of CVE-2020-24588 but for mesh networks.

This patch tries to detect if a standard MSDU was turned into an A-MSDU by an adversary. This is done by parsing a received A-MSDU as a standard MSDU, calculating the length of the Mesh Control header, and seeing if the 6 bytes after this header equal the start of an rfc1042 header. If equal, this is a strong indication of an ongoing attack attempt.

This defense was tested with mac80211_hwsim against a mesh network that uses an empty Mesh Address Extension field, i.e., when four addresses are used, and when using a 12-byte Mesh Address Extension field, i.e., when six addresses are used. Functionality of normal MSDUs and A-MSDUs was also tested, and confirmed working, when using both an empty and 12-byte Mesh Address Extension field.

It was also tested with mac80211_hwsim that A-MSDU attacks in non-mesh networks keep being detected and prevented.

Note that the vulnerability being patched, and the defense being implemented, was also discussed in the following paper and in the following IEEE 802.11 presentation:

https://papers.mathyvanhoef.com/wisec2025.pdf
https://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx
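The check the description outlines, written as user-space C. This is an added example, not the kernel patch or code from the original page. The function names, the constructed sample bytes, and the Mesh Control layout (6 fixed bytes plus a 0-, 6- or 12-byte Mesh Address Extension selected by the low two bits of the first byte, as in IEEE 802.11) are assumptions of the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* First 6 bytes of an rfc1042 (LLC/SNAP) header. */
static const uint8_t RFC1042_HDR[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };

/* Assumed Mesh Control layout: flags(1) + TTL(1) + sequence number(4), then
 * 0, 6 or 12 bytes of Mesh Address Extension chosen by the low two flag
 * bits. Returns 0 for the reserved value 3. */
static size_t mesh_ctrl_len(uint8_t mesh_flags)
{
    switch (mesh_flags & 0x03) {
    case 0:  return 6;
    case 1:  return 12;
    case 2:  return 18;
    default: return 0;
    }
}

/* body: payload of a mesh frame received with the A-MSDU flag set.
 * True when the same bytes, parsed as a standard MSDU, read as Mesh Control
 * followed by the start of an rfc1042 header (the indicator described above). */
bool looks_like_spoofed_mesh_amsdu(const uint8_t *body, size_t len)
{
    size_t off = (body != NULL && len > 0) ? mesh_ctrl_len(body[0]) : 0;

    if (off == 0 || len < off + sizeof(RFC1042_HDR))
        return false; /* no data, reserved mode, or too short to compare */
    return memcmp(body + off, RFC1042_HDR, sizeof(RFC1042_HDR)) == 0;
}

/* Constructed sample bytes, not captured traffic. */
static const uint8_t MSDU_AE0[] = {   /* standard MSDU, empty extension */
    0x00, 0x1f, 0x01, 0, 0, 0,  0xaa, 0xaa, 0x03, 0, 0, 0,  0x08, 0x00 };
static const uint8_t MSDU_AE12[] = {  /* standard MSDU, 12-byte extension */
    0x02, 0x1f, 0x02, 0, 0, 0,  0x02, 0, 0, 0, 0, 0x05,  0x02, 0, 0, 0, 0, 0x06,
    0xaa, 0xaa, 0x03, 0, 0, 0,  0x08, 0x00 };
static const uint8_t REAL_AMSDU[] = { /* subframe: DA, SA, length, payload */
    0x02, 0, 0, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0x02,  0x00, 0x2e,
    0x00, 0x1f, 0x03, 0, 0, 0,  0xaa, 0xaa, 0x03, 0, 0, 0,  0x08, 0x00 };

int main(void)
{
    /* Exit status 0 when the three samples classify as expected. */
    return !(looks_like_spoofed_mesh_amsdu(MSDU_AE0, sizeof(MSDU_AE0)) &&
             looks_like_spoofed_mesh_amsdu(MSDU_AE12, sizeof(MSDU_AE12)) &&
             !looks_like_spoofed_mesh_amsdu(REAL_AMSDU, sizeof(REAL_AMSDU)));
}
```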
Meta Information
Published: 2025-08-16
Last Modified: 2025-11-03
Generated: 2026-05-07
AI Q&A: 2025-08-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: 6.1.153
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves A-MSDU spoofing attacks in mesh networks within the Linux kernel's WiFi implementation. An attacker can manipulate standard MSDU frames to appear as aggregated A-MSDU frames, potentially bypassing security checks. The vulnerability arises because the initial IEEE 802.11 update missed this attack vector in mesh networks. The patch mitigates this by detecting if a standard MSDU was turned into an A-MSDU by parsing the frame and checking specific header fields to identify spoofing attempts.


How can this vulnerability impact me?

If exploited, this vulnerability could allow an attacker to spoof aggregated WiFi frames in mesh networks, potentially leading to unauthorized network access, data interception, or disruption of network communications. This could compromise the integrity and confidentiality of data transmitted over the affected mesh network.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by parsing received A-MSDU frames as standard MSDUs, calculating the length of the Mesh Control header, and checking if the 6 bytes after this header match the start of an rfc1042 header. This indicates a strong likelihood of an ongoing attack attempt. However, no specific commands are provided in the available information.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is mitigated by applying the patch that prevents A-MSDU spoofing in mesh networks by implementing the described detection method. Immediate steps include updating the Linux kernel to a version that includes this patch to prevent the attack.

