Linux Kernel nl80211 Monitor Interface Flag Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of monitor interface flags can lead to improper state management. When userspace sets both MONITOR_FLAG_COOK_FRAMES and MONITOR_FLAG_ACTIVE on the same monitor interface, the kernel creates a sub-interface without the necessary IEEE80211_SDATA_IN_DRIVER bit. This happens because the cooked state takes precedence over the other states, and it leads to a warning when the interface is deleted. The vulnerability has been addressed by rejecting MONITOR_FLAG_COOK_FRAMES when it is combined with other flags.
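
The rejection rule described above, modeled as a small userspace C program. This is an added example, not the kernel's own code: the bit positions are assumed to follow the nl80211 monitor flag enumeration, and check_monitor_flags and count_rejected are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model, not kernel code. Bit positions are assumed to follow
 * the nl80211 monitor flag enumeration. */
enum {
    MONITOR_FLAG_FCSFAIL     = 1 << 1,
    MONITOR_FLAG_PLCPFAIL    = 1 << 2,
    MONITOR_FLAG_CONTROL     = 1 << 3,
    MONITOR_FLAG_OTHER_BSS   = 1 << 4,
    MONITOR_FLAG_COOK_FRAMES = 1 << 5,
    MONITOR_FLAG_ACTIVE      = 1 << 6,
};

/* Hypothetical helper: 0 if the flag set is acceptable, -EOPNOTSUPP if
 * cooked mode is requested together with any other flag. */
int check_monitor_flags(uint32_t flags)
{
    if ((flags & MONITOR_FLAG_COOK_FRAMES) &&
        flags != MONITOR_FLAG_COOK_FRAMES)
        return -EOPNOTSUPP;
    return 0;
}

/* Hypothetical helper: number of requests in a batch that are rejected. */
size_t count_rejected(const uint32_t *reqs, size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (check_monitor_flags(reqs[i]) != 0)
            rejected++;
    return rejected;
}

int main(void)
{
    /* Constructed sample requests, not captured from a real system. */
    const uint32_t reqs[] = {
        MONITOR_FLAG_COOK_FRAMES,
        MONITOR_FLAG_ACTIVE | MONITOR_FLAG_CONTROL,
        MONITOR_FLAG_COOK_FRAMES | MONITOR_FLAG_ACTIVE,
        MONITOR_FLAG_COOK_FRAMES | MONITOR_FLAG_FCSFAIL,
    };
    size_t n = sizeof(reqs) / sizeof(reqs[0]);
    for (size_t i = 0; i < n; i++)
        printf("flags=0x%02x -> %d\n", (unsigned)reqs[i], check_monitor_flags(reqs[i]));
    printf("rejected %zu of %zu\n", count_rejected(reqs, n), n);
    return 0;
}
```

Cooked mode on its own and any combination that excludes it are still accepted; only cooked mode mixed with another flag is refused.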

Impact

Exploitation of this vulnerability can cause a kernel warning due to improper management of monitor interface states, potentially leading to instability or unexpected behavior in the wireless subsystem.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.