Home

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup. This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid. Reject the operation early if not in station mode or not associated.

PUBLISHED Reserved 2025-04-16 | Published 2025-08-22 | Updated 2025-09-29 | Assigner Linux

Product status

Default status
unaffected

81dd2b8822410e56048b927be779d95a2b6dc186 before 0c84204cf0bbe89e454a5caccc6a908bc7db1542
affected

81dd2b8822410e56048b927be779d95a2b6dc186 before 378ae9ccaea3f445838a087962a067b5cb2e8577
affected

81dd2b8822410e56048b927be779d95a2b6dc186 before af72badd5ee423eb16f6ad7fe0a62f1b4252d848
affected

81dd2b8822410e56048b927be779d95a2b6dc186 before 4df663d4c1ca386dcab2f743dfc9f0cc07aef73c
affected

81dd2b8822410e56048b927be779d95a2b6dc186 before 31af06b574394530f68a4310c45ecbe2f68853c4
affected

81dd2b8822410e56048b927be779d95a2b6dc186 before 16ecdab5446f15a61ec88eb0d23d25d009821db0
affected

Default status
affected

3.17
affected

Any version before 3.17
unaffected

6.1.148
unaffected

6.6.102
unaffected

6.12.42
unaffected

6.15.10
unaffected

6.16.1
unaffected

6.17
unaffected

References

git.kernel.org/...c/0c84204cf0bbe89e454a5caccc6a908bc7db1542

git.kernel.org/...c/378ae9ccaea3f445838a087962a067b5cb2e8577

git.kernel.org/...c/af72badd5ee423eb16f6ad7fe0a62f1b4252d848

git.kernel.org/...c/4df663d4c1ca386dcab2f743dfc9f0cc07aef73c

git.kernel.org/...c/31af06b574394530f68a4310c45ecbe2f68853c4

git.kernel.org/...c/16ecdab5446f15a61ec88eb0d23d25d009821db0

cve.org (CVE-2025-38644)

nvd.nist.gov (CVE-2025-38644)

Download JSON