CVE-2025-38644

wifi: mac80211: reject TDLS operations when station is not associated

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup. This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid. Reject the operation early if not in station mode or not associated.

N/A
CVSS
Severity:
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0c84204cf0bbe89e454a5caccc6a908bc7db1542
https://git.kernel.org/stable/c/378ae9ccaea3f445838a087962a067b5cb2e8577
https://git.kernel.org/stable/c/af72badd5ee423eb16f6ad7fe0a62f1b4252d848
https://git.kernel.org/stable/c/4df663d4c1ca386dcab2f743dfc9f0cc07aef73c
https://git.kernel.org/stable/c/31af06b574394530f68a4310c45ecbe2f68853c4
https://git.kernel.org/stable/c/16ecdab5446f15a61ec88eb0d23d25d009821db0

Frequently Asked Questions

What is the severity of CVE-2025-38644?
CVE-2025-38644 has not yet been assigned a CVSS score.
How to fix CVE-2025-38644?
To fix CVE-2025-38644, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-38644 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-38644 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-38644?
CVE-2025-38644 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.