CVE-2026-43052

EUVD-2026-26651
In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: check tdls flag in ieee80211_tdls_oper

When NL80211_TDLS_ENABLE_LINK is called, the code only checks if the
station exists but not whether it is actually a TDLS station. This
allows the operation to proceed for non-TDLS stations, causing
unintended side effects like modifying channel context and HT
protection before failing.

Add a check for sta->sta.tdls early in the ENABLE_LINK case, before
any side effects occur, to ensure the operation is only allowed for
actual TDLS peers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
3.2 ≤
𝑥
< 6.12.81
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.22
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.12
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.10-1
fixed
sid
7.0.12-2
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.90-2
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/44839ea7e96b3659a1606f3d5267063135479b7c
https://git.kernel.org/stable/c/6813a8b1b240756dad4375f3e020ce10e4e3871b
https://git.kernel.org/stable/c/7d73872d949c488a1d7c308031d6a9d89b5e0a8b
https://git.kernel.org/stable/c/8148c2fda4ebb17104a573649c9b699208ad10ee
https://git.kernel.org/stable/c/ba5b43db126a5e7378553869e3f7954d9187349f
https://git.kernel.org/stable/c/be81f17151fcb8546a95f35ca8f4231b065985de
https://git.kernel.org/stable/c/e77b2937aaa20264e4bd699d3244bdb50e7e3343