CVE-2025-38343

low-risk

Published 2025-07-10

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: drop fragments with multicast or broadcast RA IEEE 802.11 fragmentation can only be applied to unicast frames. Therefore, drop fragments with multicast or broadcast RA. This patch addresses vulnerabilities such as CVE-2020-26145.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (4)

Patch https://git.kernel.org/stable/c/24900688ee47071aa6a61e78473999b5b80f0423

Patch https://git.kernel.org/stable/c/5fd5b8132b5de08c99eea003f7715ff2e361b007

Patch https://git.kernel.org/stable/c/80fda1cd7b0a1edd0849dc71403a070d0922118d

Patch https://git.kernel.org/stable/c/d4b93f9c2f666011dcf810050ef60a6b8d06f186

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal