{"id":"CVE-2025-38644","summary":"wifi: mac80211: reject TDLS operations when station is not associated","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: reject TDLS operations when station is not associated\n\nsyzbot triggered a WARN in ieee80211_tdls_oper() by sending\nNL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT,\nbefore association completed and without prior TDLS setup.\n\nThis left internal state like sdata-\u003eu.mgd.tdls_peer uninitialized,\nleading to a WARN_ON() in code paths that assumed it was valid.\n\nReject the operation early if not in station mode or not associated.","modified":"2026-04-16T00:05:53.546214854Z","published":"2025-08-22T16:00:49.899Z","related":["SUSE-SU-2025:03204-1","SUSE-SU-2025:03272-1","SUSE-SU-2025:03283-1","SUSE-SU-2025:03290-1","SUSE-SU-2025:03301-1","SUSE-SU-2025:03310-1","SUSE-SU-2025:03314-1","SUSE-SU-2025:03344-1","SUSE-SU-2025:03382-1","SUSE-SU-2025:03383-1","SUSE-SU-2025:03384-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:03636-1","SUSE-SU-2025:03638-1","SUSE-SU-2025:03646-1","SUSE-SU-2025:03650-1","SUSE-SU-2025:03652-1","SUSE-SU-2025:03653-1","SUSE-SU-2025:03656-1","SUSE-SU-2025:03662-1","SUSE-SU-2025:03663-1","SUSE-SU-2025:03664-1","SUSE-SU-2025:03666-1","SUSE-SU-2025:03671-1","SUSE-SU-2025:03672-1","SUSE-SU-2025:20653-1","SUSE-SU-2025:20669-1","SUSE-SU-2025:20739-1","SUSE-SU-2025:20756-1","SUSE-SU-2025:20873-1","SUSE-SU-2025:20874-1","SUSE-SU-2025:20875-1","SUSE-SU-2025:20876-1","SUSE-SU-2025:20877-1","SUSE-SU-2025:20878-1","SUSE-SU-2025:20879-1","SUSE-SU-2025:20881-1","SUSE-SU-2025:20882-1","SUSE-SU-2025:20883-1","SUSE-SU-2025:20884-1","SUSE-SU-2025:20885-1","SUSE-SU-2025:20886-1","SUSE-SU-2025:20887-1","SUSE-SU-2025:20888-1","SUSE-SU-2025:20890-1","SUSE-SU-2025:20891-1","SUSE-SU-2025:20902-1","SUSE-SU-2025:20903-1","SUSE-SU-2025:20904-1","SUSE-SU-2025:20905-1","SUSE-SU-2025:20906-1","SUSE-SU-2025:20907-1","SUSE-SU-2025:20909-1","SUSE-SU-2025:20912-1","SUSE-SU-2025:20913-1","SUSE-SU-2025:20914-1","SUSE-SU-2025:20915-1","SUSE-SU-2025:20916-1","SUSE-SU-2025:20917-1","SUSE-SU-2025:20918-1","SUSE-SU-2025:20920-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3675-1","SUSE-SU-2025:3679-1","SUSE-SU-2025:3683-1","SUSE-SU-2025:3703-1","SUSE-SU-2025:3704-1","SUSE-SU-2025:3705-1","SUSE-SU-2025:3712-1","SUSE-SU-2025:3717-1","SUSE-SU-2025:3720-1","SUSE-SU-2025:3721-1","SUSE-SU-2025:3731-1","SUSE-SU-2025:3733-1","SUSE-SU-2025:3734-1","SUSE-SU-2025:3736-1","SUSE-SU-2025:3740-1","SUSE-SU-2025:3742-1","SUSE-SU-2025:3748-1","SUSE-SU-2025:3755-1","SUSE-SU-2025:3762-1","SUSE-SU-2025:3764-1","SUSE-SU-2025:3765-1","SUSE-SU-2025:3768-1","SUSE-SU-2025:3771-1","SUSE-SU-2025:3772-1","SUSE-SU-2025:4123-1","openSUSE-SU-2025:20081-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38644.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0c84204cf0bbe89e454a5caccc6a908bc7db1542"},{"type":"WEB","url":"https://git.kernel.org/stable/c/16ecdab5446f15a61ec88eb0d23d25d009821db0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/31af06b574394530f68a4310c45ecbe2f68853c4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/378ae9ccaea3f445838a087962a067b5cb2e8577"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4df663d4c1ca386dcab2f743dfc9f0cc07aef73c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/af72badd5ee423eb16f6ad7fe0a62f1b4252d848"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38644.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38644"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"81dd2b8822410e56048b927be779d95a2b6dc186"},{"fixed":"0c84204cf0bbe89e454a5caccc6a908bc7db1542"},{"fixed":"378ae9ccaea3f445838a087962a067b5cb2e8577"},{"fixed":"af72badd5ee423eb16f6ad7fe0a62f1b4252d848"},{"fixed":"4df663d4c1ca386dcab2f743dfc9f0cc07aef73c"},{"fixed":"31af06b574394530f68a4310c45ecbe2f68853c4"},{"fixed":"16ecdab5446f15a61ec88eb0d23d25d009821db0"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38644.json"}}],"schema_version":"1.7.5"}