PT-2025-33552 · Linux+3 · Linux Kernel+3
Syzbot · Published 2025-08-16 · Updated 2025-12-15
CVE-2025-38509
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The Linux kernel contains a flaw within the mac80211 component where it does not reject Very High Throughput (VHT) operating mode notifications for unsupported channel widths. Specifically, 5 MHz and 10 MHz channel widths are invalid under the VHT specification. Accepting malformed notifications with these unsupported widths can lead to a warning due to invalid input within the ieee80211_chan_width_to_rx_bw() function. The issue was reported by syzbot.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Ubuntu