CVE-2025-38512

{"id": "CVE-2025-38512", "cveTags": [], "metrics": {}, "published": "2025-08-16T11:15:44.263", "references": [{"url": "https://git.kernel.org/stable/c/6e3b09402cc6c3e3474fa548e8adf6897dda05de", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/737bb912ebbe4571195c56eba557c4d7315b26fb", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e01851f6e9a665a6011b14714b271d3e6b0b8d32", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e2c8a3c0388aef6bfc4aabfba07bc7dff16eea80", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/ec6392061de6681148b63ee6c8744da833498cdd", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: prevent A-MSDU attacks in mesh networks\n\nThis patch is a mitigation to prevent the A-MSDU spoofing vulnerability\nfor mesh networks. The initial update to the IEEE 802.11 standard, in\nresponse to the FragAttacks, missed this case (CVE-2025-27558). It can\nbe considered a variant of CVE-2020-24588 but for mesh networks.\n\nThis patch tries to detect if a standard MSDU was turned into an A-MSDU\nby an adversary. This is done by parsing a received A-MSDU as a standard\nMSDU, calculating the length of the Mesh Control header, and seeing if\nthe 6 bytes after this header equal the start of an rfc1042 header. If\nequal, this is a strong indication of an ongoing attack attempt.\n\nThis defense was tested with mac80211_hwsim against a mesh network that\nuses an empty Mesh Address Extension field, i.e., when four addresses\nare used, and when using a 12-byte Mesh Address Extension field, i.e.,\nwhen six addresses are used. Functionality of normal MSDUs and A-MSDUs\nwas also tested, and confirmed working, when using both an empty and\n12-byte Mesh Address Extension field.\n\nIt was also tested with mac80211_hwsim that A-MSDU attacks in non-mesh\nnetworks keep being detected and prevented.\n\nNote that the vulnerability being patched, and the defense being\nimplemented, was also discussed in the following paper and in the\nfollowing IEEE 802.11 presentation:\n\nhttps://papers.mathyvanhoef.com/wisec2025.pdf\nhttps://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: prevenir ataques A-MSDU en redes de malla Este parche es una mitigaci\u00f3n para prevenir la vulnerabilidad de suplantaci\u00f3n de A-MSDU para redes de malla. La actualizaci\u00f3n inicial del est\u00e1ndar IEEE 802.11, en respuesta a los FragAttacks, pas\u00f3 por alto este caso (CVE-2025-27558). Puede considerarse una variante de CVE-2020-24588 pero para redes de malla. Este parche intenta detectar si un adversario convirti\u00f3 una MSDU est\u00e1ndar en una A-MSDU. Esto se hace analizando una A-MSDU recibida como una MSDU est\u00e1ndar, calculando la longitud del encabezado Mesh Control y viendo si los 6 bytes despu\u00e9s de este encabezado equivalen al comienzo de un encabezado rfc1042. Si son iguales, esto es un fuerte indicio de un intento de ataque en curso. Esta defensa se prob\u00f3 con mac80211_hwsim contra una red en malla que utiliza un campo de extensi\u00f3n de direcci\u00f3n de malla vac\u00edo (es decir, cuando se utilizan cuatro direcciones) y un campo de extensi\u00f3n de direcci\u00f3n de malla de 12 bytes (es decir, cuando se utilizan seis direcciones). Tambi\u00e9n se prob\u00f3 la funcionalidad de las MSDU normales y las A-MSDU, y se confirm\u00f3 su funcionamiento, tanto al utilizar un campo de extensi\u00f3n de direcci\u00f3n de malla vac\u00edo como al utilizar un campo de extensi\u00f3n de direcci\u00f3n de malla de 12 bytes. Tambi\u00e9n se prob\u00f3 con mac80211_hwsim que los ataques A-MSDU en redes no en malla se siguen detectando y previniendo. Tenga en cuenta que la vulnerabilidad que se est\u00e1 reparando y la defensa que se est\u00e1 implementando tambi\u00e9n se analizaron en el siguiente documento y en la siguiente presentaci\u00f3n IEEE 802.11: https://papers.mathyvanhoef.com/wisec2025.pdf https://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx"}], "lastModified": "2025-08-18T20:16:28.750", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}