{"id":"AZL-66398","summary":"CVE-2025-38512 affecting package kernel for versions less than 6.6.104.2-1","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: prevent A-MSDU attacks in mesh networks\n\nThis patch is a mitigation to prevent the A-MSDU spoofing vulnerability\nfor mesh networks. The initial update to the IEEE 802.11 standard, in\nresponse to the FragAttacks, missed this case (CVE-2025-27558). It can\nbe considered a variant of CVE-2020-24588 but for mesh networks.\n\nThis patch tries to detect if a standard MSDU was turned into an A-MSDU\nby an adversary. This is done by parsing a received A-MSDU as a standard\nMSDU, calculating the length of the Mesh Control header, and seeing if\nthe 6 bytes after this header equal the start of an rfc1042 header. If\nequal, this is a strong indication of an ongoing attack attempt.\n\nThis defense was tested with mac80211_hwsim against a mesh network that\nuses an empty Mesh Address Extension field, i.e., when four addresses\nare used, and when using a 12-byte Mesh Address Extension field, i.e.,\nwhen six addresses are used. Functionality of normal MSDUs and A-MSDUs\nwas also tested, and confirmed working, when using both an empty and\n12-byte Mesh Address Extension field.\n\nIt was also tested with mac80211_hwsim that A-MSDU attacks in non-mesh\nnetworks keep being detected and prevented.\n\nNote that the vulnerability being patched, and the defense being\nimplemented, was also discussed in the following paper and in the\nfollowing IEEE 802.11 presentation:\n\nhttps://papers.mathyvanhoef.com/wisec2025.pdf\nhttps://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx","modified":"2026-04-01T05:21:46.231516Z","published":"2025-08-16T11:15:44Z","upstream":["CVE-2025-38512"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38512"}],"affected":[{"package":{"name":"kernel","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/kernel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.104.2-1"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66398.json"}}],"schema_version":"1.7.5"}