CVE-2025-38644
Published: Aug 22, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup. This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid. Reject the operation early if not in station mode or not associated.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 81dd2b8822410e56048b927be779d95a2b6dc186 - < 0c84204cf0bbe89e454a5caccc6a908bc7db1542affected 81dd2b8822410e56048b927be779d95a2b6dc186 - < 378ae9ccaea3f445838a087962a067b5cb2e8577affected 81dd2b8822410e56048b927be779d95a2b6dc186 - < af72badd5ee423eb16f6ad7fe0a62f1b4252d848affected 81dd2b8822410e56048b927be779d95a2b6dc186 - < 4df663d4c1ca386dcab2f743dfc9f0cc07aef73caffected 81dd2b8822410e56048b927be779d95a2b6dc186 - < 31af06b574394530f68a4310c45ecbe2f68853c4+1 more versions |
Linux | Linux | affected 3.17unaffected 0 - < 3.17unaffected 6.1.148 - <= 6.1.*unaffected 6.6.102 - <= 6.6.*unaffected 6.12.42 - <= 6.12.*+3 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now