CVE-2025-38644
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-11-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.1.153 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's wifi mac80211 component occurs when TDLS (Tunneled Direct Link Setup) operations are attempted before the station is fully associated with a network. Specifically, sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completes and without prior TDLS setup, leaves internal state uninitialized. This causes warnings and potential instability because the code assumes certain data is valid when it is not. The fix rejects such TDLS operations early if the station is not in the correct mode or not associated.
How can this vulnerability impact me? :
This vulnerability can cause warnings and potential instability in the Linux kernel's wifi subsystem due to uninitialized internal state when TDLS operations are improperly triggered. This may lead to unexpected behavior or crashes in wifi connectivity or related services on affected systems.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by rejecting TDLS operations when the station is not associated. To mitigate this vulnerability, ensure your Linux kernel is updated to a version that includes this fix. Avoid sending NL80211_TDLS_ENABLE_LINK commands immediately after NL80211_CMD_CONNECT before association is complete and without prior TDLS setup.