CVE-2025-21909
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
01/04/2025
Last modified:
01/04/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: nl80211: reject cooked mode if it is set along with other flags

It is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE
flags simultaneously on the same monitor interface from the userspace. This
causes a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit
set because the monitor interface is in the cooked state and it takes
precedence over all other states. When the interface is then being deleted
the kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing
that bit.

Fix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with
other flags.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
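
The rejection rule and the state mismatch it prevents, as an added example that is not the kernel's own code: a simplified userspace C model of the flag check and the interface lifecycle. The bit positions, the `-EOPNOTSUPP` return value, the helper names and the teardown model (an active monitor is removed through the driver) are assumptions of this sketch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only. Bit positions below are assumptions for this sketch. */
#define MONITOR_FLAG_COOK_FRAMES (1u << 5)
#define MONITOR_FLAG_ACTIVE      (1u << 6)
#define SDATA_IN_DRIVER          (1u << 0) /* stands in for IEEE80211_SDATA_IN_DRIVER */

/* Check described by the fix: cooked mode is accepted only on its own. */
static int validate_monitor_flags(uint32_t flags)
{
    if ((flags & MONITOR_FLAG_COOK_FRAMES) && flags != MONITOR_FLAG_COOK_FRAMES)
        return -EOPNOTSUPP; /* error code is an assumption of this model */
    return 0;
}

/* Cooked state takes precedence, so the interface is not added to the driver. */
static uint32_t open_monitor(uint32_t flags)
{
    return (flags & MONITOR_FLAG_COOK_FRAMES) ? 0 : SDATA_IN_DRIVER;
}

/* Assumed teardown model: an active monitor is removed through the driver,
 * and that path expects the in-driver bit. Returns 1 where the kernel
 * would hit the WARN_ONCE() in check_sdata_in_driver(). */
static int teardown_warns(uint32_t flags)
{
    uint32_t state = open_monitor(flags);
    return (flags & MONITOR_FLAG_ACTIVE) && !(state & SDATA_IN_DRIVER);
}

/* Full lifecycle. patched=0 skips validation, as before the fix.
 * Returns a negative errno on rejection, 1 on warning, 0 on clean teardown. */
static int lifecycle(uint32_t flags, int patched)
{
    int err = patched ? validate_monitor_flags(flags) : 0;
    return err ? err : teardown_warns(flags);
}

int main(void)
{
    uint32_t both = MONITOR_FLAG_COOK_FRAMES | MONITOR_FLAG_ACTIVE; /* constructed input */
    printf("unpatched, cooked|active: %d\n", lifecycle(both, 0));
    printf("patched,   cooked|active: %d\n", lifecycle(both, 1));
    printf("patched,   cooked only:   %d\n", lifecycle(MONITOR_FLAG_COOK_FRAMES, 1));
    printf("patched,   active only:   %d\n", lifecycle(MONITOR_FLAG_ACTIVE, 1));
    return 0;
}
```

In the model, the combined flags reach teardown with the in-driver bit missing only when validation is skipped; with the check in place the request is refused before any interface state exists.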
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/236f41ca728f23210b31ed2d1d8a6df575a4b2d6
- https://git.kernel.org/stable/c/351eb7ac53ff1cd94d893c0c4534ced2f36ae7d7
- https://git.kernel.org/stable/c/49f27f29446a5bfe633dd2cc0cfebd48a1a5e77f
- https://git.kernel.org/stable/c/521e55c2b0d6028861ac0a2d06aa57bb0e3ac486
- https://git.kernel.org/stable/c/5ea856d93794c4afa5542defd8c61f2708dc245a
- https://git.kernel.org/stable/c/ac4860141300581d3e2f6c6dafa37220f7ea9f65
- https://git.kernel.org/stable/c/cd1bdcb77fdc03c253137e55bae10551b3481461
- https://git.kernel.org/stable/c/ebebbb0eded2ed9a1abfa31962f6fb699e6abce7