Linux Kernel Multicast and Broadcast RA Vulnerability
CVE-2025-38343

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 10 July 2025

What is CVE-2025-38343?

A vulnerability has been identified in the Linux kernel's handling of IEEE 802.11 fragments whose Receiver Address (RA) is multicast or broadcast. IEEE 802.11 fragmentation applies only to unicast frames, but the vulnerability allows fragments to be processed even when their RA is a group address. Improper handling of such fragments could lead to security risks. A patch addresses the vulnerability by ensuring that any fragment with a multicast or broadcast RA is dropped, which also mitigates risks associated with past vulnerabilities.
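The check the description refers to, written out as an added example; this is not the kernel patch or any driver's code. The names `check_fragment_ra` and `check_sample` are hypothetical, and the sketch assumes a standard 3-address 802.11 header with the RA in Address 1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN       24      /* 3-address data/management header */
#define FC_TYPE_MASK  0x000c
#define FC_TYPE_CTRL  0x0004
#define FC_MOREFRAGS  0x0400  /* More Fragments bit in Frame Control */
#define SEQ_FRAG_MASK 0x000f  /* fragment number in Sequence Control */

enum rx_verdict { RX_ACCEPT, RX_DROP_MALFORMED, RX_DROP_GROUP_FRAGMENT };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Drop any fragment whose Receiver Address (Address 1) is a group address. */
enum rx_verdict check_fragment_ra(const uint8_t *frame, size_t len)
{
    if (len < 2)
        return RX_DROP_MALFORMED;
    uint16_t fc = le16(frame);
    if ((fc & FC_TYPE_MASK) == FC_TYPE_CTRL)
        return RX_ACCEPT;             /* control frames have no Sequence Control */
    if (len < HDR_LEN)
        return RX_DROP_MALFORMED;     /* too short to hold RA and Sequence Control */
    uint16_t seq = le16(frame + 22);
    /* A fragment is any frame with More Fragments set or a non-zero fragment number. */
    int is_fragment = (fc & FC_MOREFRAGS) || (seq & SEQ_FRAG_MASK);
    int group_ra = frame[4] & 0x01;   /* I/G bit: set for multicast and broadcast */
    return (is_fragment && group_ra) ? RX_DROP_GROUP_FRAGMENT : RX_ACCEPT;
}

/* Builds a constructed header (not captured traffic) and returns the verdict. */
enum rx_verdict check_sample(uint16_t fc, uint8_t ra0, uint16_t seq, size_t len)
{
    uint8_t f[HDR_LEN] = {0};
    f[0] = (uint8_t)(fc & 0xff);  f[1] = (uint8_t)(fc >> 8);
    f[4] = ra0;                   /* first RA octet carries the I/G bit */
    f[22] = (uint8_t)(seq & 0xff); f[23] = (uint8_t)(seq >> 8);
    return check_fragment_ra(f, len);
}

int main(void)
{
    printf("broadcast, first fragment: %d\n", check_sample(0x0408, 0xff, 0x0010, HDR_LEN));
    printf("multicast, last fragment:  %d\n", check_sample(0x0008, 0x01, 0x0011, HDR_LEN));
    printf("unicast, first fragment:   %d\n", check_sample(0x0408, 0x02, 0x0010, HDR_LEN));
    printf("broadcast, unfragmented:   %d\n", check_sample(0x0008, 0xff, 0x0010, HDR_LEN));
    return 0;
}
```

The second sample matters for detection logic: the last fragment of a sequence has More Fragments cleared, so the fragment number must be checked as well.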

Affected Version(s)

Linux 98686cd21624c75a043e96812beadddf4f6f48e5 < 24900688ee47071aa6a61e78473999b5b80f0423

Linux 98686cd21624c75a043e96812beadddf4f6f48e5

Linux 98686cd21624c75a043e96812beadddf4f6f48e5 < 5fd5b8132b5de08c99eea003f7715ff2e361b007

Timeline

  • Vulnerability published

  • Vulnerability Reserved
