CVE-2025-38644

22.08.2025, 16:15

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: reject TDLS operations when station is not associated

syzbot triggered a WARN in ieee80211_tdls_oper() by sending
NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,
before association completed and without prior TDLS setup.

This left internal state like sdata->u.mgd.tdls_peer uninitialized,
leading to a WARN_ON() in code paths that assumed it was valid.

Reject the operation early if not in station mode or not associated.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	vulnerable
bookworm (security)	vulnerable
trixie (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	vulnerable

References

https://git.kernel.org/stable/c/0c84204cf0bbe89e454a5caccc6a908bc7db1542

https://git.kernel.org/stable/c/16ecdab5446f15a61ec88eb0d23d25d009821db0

https://git.kernel.org/stable/c/31af06b574394530f68a4310c45ecbe2f68853c4

https://git.kernel.org/stable/c/378ae9ccaea3f445838a087962a067b5cb2e8577

https://git.kernel.org/stable/c/4df663d4c1ca386dcab2f743dfc9f0cc07aef73c

https://git.kernel.org/stable/c/af72badd5ee423eb16f6ad7fe0a62f1b4252d848