CVE-2025-38505Improper Input Validation in Linux

CWE-20Improper Input Validation16 documents6 sources
Severity
5.5MEDIUMNVD
OSV3.2
EPSS
0.0%
top 97.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedAug 16
Latest updateDec 15

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: discard erroneous disassoc frames on STA interface When operating in concurrent STA/AP mode with host MLME enabled, the firmware incorrectly sends disassociation frames to the STA interface when clients disconnect from the AP interface. This causes kernel warnings as the STA interface processes disconnect events that don't apply to it: [ 1303.240540] WARNING: CPU: 0 PID: 513 at net/wireless/mlme.c:141 cfg80211_

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel6.126.12.39+2
Debianlinux/linux_kernel< 6.12.41-1+1
CVEListV5linux/linux36995892c271cce5e2230bc165a06f109b117222a963819a121f5dd61e0b39934d8b5dec529da96a+3
debiandebian/linux< linux 6.16.3-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

8
OSV
linux-azure, linux-azure-6.14 vulnerabilities2025-12-15
OSV
linux-gcp-6.14, linux-raspi vulnerabilities2025-12-04
OSV
linux-aws-6.14, linux-oracle-6.14 vulnerabilities2025-11-26
OSV
linux-oem-6.14 vulnerabilities2025-11-21
OSV
linux, linux-aws, linux-gcp, linux-hwe-6.14, linux-oracle, linux-realtime vulnerabilities2025-11-21

📋Vendor Advisories

7
Ubuntu
Linux kernel (Azure) vulnerabilities2025-12-15
Ubuntu
Linux kernel vulnerabilities2025-12-04
Ubuntu
Linux kernel vulnerabilities2025-11-26
Ubuntu
Linux kernel (Real-time) vulnerabilities2025-11-21
Ubuntu
Linux kernel (OEM) vulnerabilities2025-11-21
CVE-2025-38505 — Improper Input Validation in Linux | cvebase