CVE-2025-38644

EUVD-2025-25558
In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: reject TDLS operations when station is not associated

syzbot triggered a WARN in ieee80211_tdls_oper() by sending
NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,
before association completed and without prior TDLS setup.

This left internal state like sdata->u.mgd.tdls_peer uninitialized,
leading to a WARN_ON() in code paths that assumed it was valid.

Reject the operation early if not in station mode or not associated.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
3.17 ≤
𝑥
< 6.1.148
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.102
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.42
linuxlinux_kernel
6.13 ≤
𝑥
< 6.15.10
linuxlinux_kernel
6.16 ≤
𝑥
< 6.16.1
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
fixed
bookworm (security)
6.1.162-1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.18.9-1
fixed
sid
6.18.12-1
fixed
trixie
6.12.63-1
fixed
trixie (security)
6.12.73-1
fixed
linux-6.1
bullseye (security)
6.1.162-1~deb11u1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/0c84204cf0bbe89e454a5caccc6a908bc7db1542
https://git.kernel.org/stable/c/16ecdab5446f15a61ec88eb0d23d25d009821db0
https://git.kernel.org/stable/c/31af06b574394530f68a4310c45ecbe2f68853c4
https://git.kernel.org/stable/c/378ae9ccaea3f445838a087962a067b5cb2e8577
https://git.kernel.org/stable/c/4df663d4c1ca386dcab2f743dfc9f0cc07aef73c
https://git.kernel.org/stable/c/af72badd5ee423eb16f6ad7fe0a62f1b4252d848
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html