CVE-2025-38512

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/08/2025
Last modified: 07/01/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: prevent A-MSDU attacks in mesh networks

This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this case (CVE-2025-27558). It can be considered a variant of CVE-2020-24588 but for mesh networks.

This patch tries to detect if a standard MSDU was turned into an A-MSDU by an adversary. This is done by parsing a received A-MSDU as a standard MSDU, calculating the length of the Mesh Control header, and seeing if the 6 bytes after this header equal the start of an rfc1042 header. If equal, this is a strong indication of an ongoing attack attempt.

This defense was tested with mac80211_hwsim against a mesh network that uses an empty Mesh Address Extension field, i.e., when four addresses are used, and when using a 12-byte Mesh Address Extension field, i.e., when six addresses are used. Functionality of normal MSDUs and A-MSDUs was also tested, and confirmed working, when using both an empty and 12-byte Mesh Address Extension field.

It was also tested with mac80211_hwsim that A-MSDU attacks in non-mesh networks keep being detected and prevented.

Note that the vulnerability being patched, and the defense being implemented, was also discussed in the following paper and in the following IEEE 802.11 presentation:

https://papers.mathyvanhoef.com/wisec2025.pdf
https://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx
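The check described above, sketched as user-space C. This is an added example, not the kernel patch; the function names and sample frames are constructed for illustration, and the non-mesh branch (comparing the first 6 bytes directly) goes beyond the mesh case the description walks through.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* First 6 bytes of an RFC 1042 LLC/SNAP header. */
static const uint8_t RFC1042[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };

/* Mesh Control = Flags(1) + TTL(1) + Sequence Number(4) + Address Extension.
 * Flags bits 0-1 select the extension: 0 = none, 1 = 6 bytes, 2 = 12 bytes.
 * Assumption: the reserved value 3 is treated as "no extension". */
static size_t mesh_ctrl_len(uint8_t flags)
{
    switch (flags & 0x03) {
    case 1:  return 6 + 6;
    case 2:  return 6 + 12;
    default: return 6;
    }
}

/* body: bytes after the 802.11 MAC header of a frame with the A-MSDU flag set.
 * True when those bytes, read as a plain MSDU, have an RFC 1042 header right
 * where one belongs, so the A-MSDU flag was probably set by an adversary. */
bool amsdu_flag_looks_spoofed(const uint8_t *body, size_t len, bool mesh)
{
    size_t off = (mesh && len > 0) ? mesh_ctrl_len(body[0]) : 0;
    if (len < off + sizeof(RFC1042))    /* bounds check before comparing */
        return false;
    return memcmp(body + off, RFC1042, sizeof(RFC1042)) == 0;
}

/* Constructed samples, not captured traffic. */
static const uint8_t MSDU_AE0[] = {            /* mesh MSDU, no extension */
    0x00, 0x1f, 0x01, 0, 0, 0, 0xaa, 0xaa, 0x03, 0, 0, 0, 0x08, 0x00 };
static const uint8_t MSDU_AE12[] = {           /* mesh MSDU, 12-byte extension */
    0x02, 0x1f, 0x02, 0, 0, 0, 2, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 2,
    0xaa, 0xaa, 0x03, 0, 0, 0, 0x08, 0x00 };
static const uint8_t REAL_AMSDU[] = {          /* DA, SA, length, payload */
    2, 0, 0, 0, 0, 1, 2, 0, 0, 0, 0, 2, 0x00, 0x0e,
    0x00, 0x1f, 0x03, 0, 0, 0, 0xaa, 0xaa, 0x03, 0, 0, 0, 0x08, 0x00 };

int main(void)
{
    printf("AE0=%d AE12=%d real=%d\n",
           amsdu_flag_looks_spoofed(MSDU_AE0, sizeof MSDU_AE0, true),
           amsdu_flag_looks_spoofed(MSDU_AE12, sizeof MSDU_AE12, true),
           amsdu_flag_looks_spoofed(REAL_AMSDU, sizeof REAL_AMSDU, true));
    return 0;
}
```

The two MSDU samples are flagged and the genuine A-MSDU subframe is not; a frame too short to hold the header at the computed offset is never flagged.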

Vulnerable products and versions

| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.107 (including) | 6.1.146 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.3 (including) | 6.6.99 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.39 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.15.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.16:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | | |