UBUNTU-CVE-2025-27558

Advisory lineage Upstream: 1 Downstream: 0
Upstream
CVE-2025-27558
Published: 21 May 2025, 19:16
Last modified:03 Jun 2026, 13:39

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.1 CRITICAL
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

21 May 2025, 19:16
Published
Vulnerability first disclosed
03 Jun 2026, 13:39
Last Modified
Vulnerability information updated

Description

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.

CVSS Metrics

  • v3.1CRITICALScore: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Systems

  • ubuntulinux

    all | all | all | all | < 6.8.0-100.100

  • ubuntulinux-allwinner-5.19

    all

  • ubuntulinux-aws

    all | all | all | all | < 6.8.0-1046.49

  • ubuntulinux-aws-5.0

    all

  • ubuntulinux-aws-5.11

    all

  • ubuntulinux-aws-5.13

    all

  • ubuntulinux-aws-5.15

    all

  • ubuntulinux-aws-5.19

    all

  • ubuntulinux-aws-5.3

    all

  • ubuntulinux-aws-5.4

    all

  • ubuntulinux-aws-5.8

    all

  • ubuntulinux-aws-6.14

    all | < 6.14.0-1017.17~24.04.1

  • ubuntulinux-aws-6.17

    all

  • ubuntulinux-aws-6.2

    all

  • ubuntulinux-aws-6.5

    all

  • ubuntulinux-aws-6.8

    all | < 6.8.0-1046.49~22.04.1

  • ubuntulinux-aws-fips

    all | < 6.8.0-1046.49+fips1

  • ubuntulinux-aws-hwe

    all

  • ubuntulinux-azure

    all | all | all | all | all | < 6.8.0-1046.52

  • ubuntulinux-azure-4.15

    all

  • ubuntulinux-azure-5.11

    all

  • ubuntulinux-azure-5.13

    all

  • ubuntulinux-azure-5.15

    all

  • ubuntulinux-azure-5.19

    all

  • ubuntulinux-azure-5.3

    all

  • ubuntulinux-azure-5.4

    all

  • ubuntulinux-azure-5.8

    all

  • ubuntulinux-azure-6.11

    all

  • ubuntulinux-azure-6.14

    all | < 6.14.0-1017.17~24.04.1

  • ubuntulinux-azure-6.17

    all

  • ubuntulinux-azure-6.2

    all

  • ubuntulinux-azure-6.5

    all

  • ubuntulinux-azure-6.8

    all | < 6.8.0-1051.57~22.04.1

  • ubuntulinux-azure-edge

    all

  • ubuntulinux-azure-fde

    all | all | all | all

  • ubuntulinux-azure-fde-5.15

    all

  • ubuntulinux-azure-fde-5.19

    all

  • ubuntulinux-azure-fde-6.14

    all

  • ubuntulinux-azure-fde-6.17

    all

  • ubuntulinux-azure-fde-6.2

    all

  • ubuntulinux-azure-fde-6.8

    all

  • ubuntulinux-azure-fips

    all | < 6.8.0-1046.52+fips1

  • ubuntulinux-azure-nvidia

    all

  • ubuntulinux-azure-nvidia-6.14

    all

  • ubuntulinux-bluefield

    all | all | all

  • ubuntulinux-fips

    all | < 6.8.0-100.100+fips1

  • ubuntulinux-gcp

    all | all | all | all | all | < 6.8.0-1047.50

  • ubuntulinux-gcp-4.15

    all

  • ubuntulinux-gcp-5.11

    all

  • ubuntulinux-gcp-5.13

    all

Showing first 50 affected entries in server-rendered view.

References (4)