CVE-2025-38509
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38509
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38509.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38509
- Downstream
- Published
- 2025-08-16T10:54:46.493Z
- Modified
- 2025-11-27T02:33:03.732390Z
- Summary
- wifi: mac80211: reject VHT opmode for unsupported channel widths
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: reject VHT opmode for unsupported channel widths
VHT operating mode notifications are not defined for channel widths below 20 MHz. In particular, 5 MHz and 10 MHz are not valid under the VHT specification and must be rejected.
Without this check, malformed notifications using these widths may reach ieee80211chanwidthtorxbw(), leading to a WARNON due to invalid input. This issue was reported by syzbot.
Reject these unsupported widths early in stalinkapplyparameters() when opmodenotif is used. The accepted set includes 20, 40, 80, 160, and 80+80 MHz, which are valid for VHT. While 320 MHz is not defined for VHT, it is allowed to avoid rejecting HE or EHT clients that may still send a VHT opmode notification.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2025/38xxx/CVE-2025-38509.json" }- References
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced751e7489c1d74b94ffffbed619d8fd724eeff4eeFixed18eca59a04500b68a90e0c5c873f97c9d1ea2bfa
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced751e7489c1d74b94ffffbed619d8fd724eeff4eeFixed58fcb1b4287ce38850402bb2bb16d09bf77b91d9