Wind River Support Network

Description

In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]wifi: prevent A-MSDU attacks in mesh networks[EOL][EOL]This patch is a mitigation to prevent the A-MSDU spoofing vulnerability[EOL]for mesh networks. The initial update to the IEEE 802.11 standard, in[EOL]response to the FragAttacks, missed this case (CVE-2025-27558). It can[EOL]be considered a variant of CVE-2020-24588 but for mesh networks.[EOL][EOL]This patch tries to detect if a standard MSDU was turned into an A-MSDU[EOL]by an adversary. This is done by parsing a received A-MSDU as a standard[EOL]MSDU, calculating the length of the Mesh Control header, and seeing if[EOL]the 6 bytes after this header equal the start of an rfc1042 header. If[EOL]equal, this is a strong indication of an ongoing attack attempt.[EOL][EOL]This defense was tested with mac80211_hwsim against a mesh network that[EOL]uses an empty Mesh Address Extension field, i.e., when four addresses[EOL]are used, and when using a 12-byte Mesh Address Extension field, i.e.,[EOL]when six addresses are used. Functionality of normal MSDUs and A-MSDUs[EOL]was also tested, and confirmed working, when using both an empty and[EOL]12-byte Mesh Address Extension field.[EOL][EOL]It was also tested with mac80211_hwsim that A-MSDU attacks in non-mesh[EOL]networks keep being detected and prevented.[EOL][EOL]Note that the vulnerability being patched, and the defense being[EOL]implemented, was also discussed in the following paper and in the[EOL]following IEEE 802.11 presentation:[EOL][EOL]https://papers.mathyvanhoef.com/wisec2025.pdf[EOL]https://mentor.ieee.org/802.11/dcn/25/11-25-0949-00-000m-a-msdu-mesh-spoof-protection.docx

CREATE(Triage):(User=pbi-cn) [CVE-2025-38512 (https://nvd.nist.gov/vuln/detail/CVE-2025-38512)