{"id":"CVE-2025-21909","summary":"wifi: nl80211: reject cooked mode if it is set along with other flags","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: reject cooked mode if it is set along with other flags\n\nIt is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE\nflags simultaneously on the same monitor interface from the userspace. This\ncauses a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit\nset because the monitor interface is in the cooked state and it takes\nprecedence over all other states. When the interface is then being deleted\nthe kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing\nthat bit.\n\nFix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with\nother flags.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.","modified":"2026-03-20T12:41:14.014812Z","published":"2025-04-01T15:40:48.680Z","related":["SUSE-SU-2025:01600-1","SUSE-SU-2025:01614-1","SUSE-SU-2025:01707-1","SUSE-SU-2025:01919-1","SUSE-SU-2025:01951-1","SUSE-SU-2025:01964-1","SUSE-SU-2025:01967-1","SUSE-SU-2025:20192-1","SUSE-SU-2025:20206-1","SUSE-SU-2025:20270-1","SUSE-SU-2025:20283-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21909.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/236f41ca728f23210b31ed2d1d8a6df575a4b2d6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/351eb7ac53ff1cd94d893c0c4534ced2f36ae7d7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/49f27f29446a5bfe633dd2cc0cfebd48a1a5e77f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/521e55c2b0d6028861ac0a2d06aa57bb0e3ac486"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5ea856d93794c4afa5542defd8c61f2708dc245a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ac4860141300581d3e2f6c6dafa37220f7ea9f65"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cd1bdcb77fdc03c253137e55bae10551b3481461"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ebebbb0eded2ed9a1abfa31962f6fb699e6abce7"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/21xxx/CVE-2025-21909.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-21909"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"66f7ac50ed7cc5c19a62bc97e8f6e7891004a03a"},{"fixed":"5ea856d93794c4afa5542defd8c61f2708dc245a"},{"fixed":"351eb7ac53ff1cd94d893c0c4534ced2f36ae7d7"},{"fixed":"cd1bdcb77fdc03c253137e55bae10551b3481461"},{"fixed":"236f41ca728f23210b31ed2d1d8a6df575a4b2d6"},{"fixed":"ebebbb0eded2ed9a1abfa31962f6fb699e6abce7"},{"fixed":"521e55c2b0d6028861ac0a2d06aa57bb0e3ac486"},{"fixed":"ac4860141300581d3e2f6c6dafa37220f7ea9f65"},{"fixed":"49f27f29446a5bfe633dd2cc0cfebd48a1a5e77f"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-21909.json"}}],"schema_version":"1.7.5"}