Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup. This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid. Reject the operation early if not in station mode or not associated.

INFO

Published Date :

2025-08-22T16:00:49.899Z

Last Modified :

2025-11-03T17:40:40.962Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-38644 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-38644.

URL Resource
https://git.kernel.org/stable/c/0c84204cf0bbe89e454a5caccc6a908bc7db1542 cve-icon cve-icon
https://git.kernel.org/stable/c/16ecdab5446f15a61ec88eb0d23d25d009821db0 cve-icon cve-icon
https://git.kernel.org/stable/c/31af06b574394530f68a4310c45ecbe2f68853c4 cve-icon cve-icon
https://git.kernel.org/stable/c/378ae9ccaea3f445838a087962a067b5cb2e8577 cve-icon cve-icon
https://git.kernel.org/stable/c/4df663d4c1ca386dcab2f743dfc9f0cc07aef73c cve-icon cve-icon
https://git.kernel.org/stable/c/af72badd5ee423eb16f6ad7fe0a62f1b4252d848 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025082235-CVE-2025-38644-39b4@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-38644 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-38644 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact