Strix
26.1K

CVE-2025-21909

MEDIUMCVSS 5.5/10EPSS 0.14%

Last modified

CVE-2025-21909 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject cooked mode if it is set along with other flags It is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE flags simultaneously on the same monitor interface from the userspace. This causes a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit set because the monitor interface is in the cooked state and it takes precedence over all other states. EPSS estimates a 0.14% chance of exploitation in the next 30 days.

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject cooked mode if it is set along with other flags It is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE flags simultaneously on the same monitor interface from the userspace. This causes a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit set because the monitor interface is in the cooked state and it takes precedence over all other states. When the interface is then being deleted the kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing that bit. Fix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with other flags. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Metrics

CVSS 3.1
5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.14%

3.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
LinuxLinux Kernel>= 2.6.26, < 5.4.291
LinuxLinux Kernel>= 5.5, < 5.10.235
LinuxLinux Kernel>= 5.11, < 5.15.179
LinuxLinux Kernel>= 5.16, < 6.1.131
LinuxLinux Kernel>= 6.2, < 6.6.83
LinuxLinux Kernel>= 6.7, < 6.12.19
LinuxLinux Kernel>= 6.13, < 6.13.7
LinuxLinux Kernel6.14Rc1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2025-21909?
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject cooked mode if it is set along with other flags It is possible to set both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE flags simultaneously on the same monitor interface from the userspace. This causes a sub-interface to be created with no IEEE80211_SDATA_IN_DRIVER bit set because the monitor interface is in the cooked state and it takes precedence over all other states. When the interface is then being deleted the kernel calls WARN_ONCE() from check_sdata_in_driver() because of missing that bit. Fix this by rejecting MONITOR_FLAG_COOK_FRAMES if it is set along with other flags. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
How severe is CVE-2025-21909?
CVE-2025-21909 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.
How do I fix CVE-2025-21909?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-21909?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST