Linux Kernel Vulnerability in WiFi TDLS Operations by Vendor Linux
CVE-2025-38644

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 22 August 2025

What is CVE-2025-38644?

A vulnerability exists in the Linux kernel's handling of WiFi TDLS operations, where an improper sequence of commands can leave internal state uninitialized. Specifically, if NL80211_TDLS_ENABLE_LINK is sent immediately after NL80211_CMD_CONNECT, before the association completes and without prior TDLS setup, it triggers a warning within ieee80211_tdls_oper(). Code that then proceeds on the assumption that this state is valid could lead to unexpected behavior or compromised network integrity. The fix calls for early rejection of TDLS operations if the device is not in station mode or not properly associated.
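The early-rejection check described above, as an added userspace model in C (not kernel code and not from the original page). The struct, enum and function names are hypothetical, and the -ENOLINK return for a missing TDLS setup is an assumption of the model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the interface state; not the kernel's structures. */
enum iface_type { IFACE_STATION, IFACE_AP };
enum tdls_op { TDLS_SETUP, TDLS_ENABLE_LINK };

struct tdls_peer { bool setup_done; bool link_enabled; };

struct iface {
    enum iface_type type;
    bool associated;         /* true only once association has completed */
    struct tdls_peer *peer;  /* NULL until a TDLS setup has run */
};

/* A connect request only starts association; no TDLS state exists yet. */
void iface_connect(struct iface *i) { i->associated = false; i->peer = NULL; }
void iface_assoc_done(struct iface *i) { i->associated = true; }

int tdls_oper(struct iface *i, struct tdls_peer *slot, enum tdls_op op)
{
    /* Early rejection: refuse before touching any per-peer state. */
    if (i->type != IFACE_STATION || !i->associated)
        return -EINVAL;

    switch (op) {
    case TDLS_SETUP:
        slot->setup_done = true;
        slot->link_enabled = false;
        i->peer = slot;
        return 0;
    case TDLS_ENABLE_LINK:
        if (i->peer == NULL || !i->peer->setup_done)
            return -ENOLINK;  /* no prior setup: nothing to enable */
        i->peer->link_enabled = true;
        return 0;
    }
    return -EOPNOTSUPP;
}

int main(void)
{
    struct iface sta = { IFACE_STATION, false, NULL };
    struct tdls_peer p = { false, false };
    iface_connect(&sta);  /* the sequence from the description */
    printf("enable before assoc: %d\n", tdls_oper(&sta, &p, TDLS_ENABLE_LINK));
    return 0;
}
```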

Affected Version(s)

Linux 81dd2b8822410e56048b927be779d95a2b6dc186 < 0c84204cf0bbe89e454a5caccc6a908bc7db1542

Linux 81dd2b8822410e56048b927be779d95a2b6dc186 < 378ae9ccaea3f445838a087962a067b5cb2e8577

Linux 81dd2b8822410e56048b927be779d95a2b6dc186

Timeline

  • Vulnerability published

  • Vulnerability Reserved
