CVE-2025-38644 in Linux

Summary

by MITRE • 08/22/2025

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: reject TDLS operations when station is not associated

syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without prior TDLS setup.

This left internal state like sdata->u.mgd.tdls_peer uninitialized, leading to a WARN_ON() in code paths that assumed it was valid.

Reject the operation early if not in station mode or not associated.


Analysis

by VulDB Data Team • 05/28/2026

CVE-2025-38644 is a missing state check in the Linux kernel's mac80211 wireless subsystem affecting TDLS (Tunneled Direct Link Setup) operations. The function ieee80211_tdls_oper(), which services the NL80211_CMD_TDLS_OPER netlink command for station interfaces, accepted an NL80211_TDLS_ENABLE_LINK request without first verifying that the station had completed association with its AP. The bug was found by syzbot, which issued NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before association completed and without any prior TDLS setup.

Technically the flaw is one of ordering rather than concurrent access: nothing in the TDLS code path required that the usual sequence (connect, associate, TDLS setup, enable link) had actually happened before ENABLE_LINK was processed. Fields in the managed-mode state such as sdata->u.mgd.tdls_peer are only populated by TDLS setup, so on the premature path they were still in their initial state and a WARN_ON() that assumed a valid peer fired. The commit message describes a kernel warning, not memory corruption; the harm is the warning itself and, on systems configured with panic_on_warn, a kernel panic. VulDB classifies the issue as CWE-362 (Race Condition) and CWE-691 (Insufficient Control Flow Management); the latter describes the defect more precisely.

The operational impact is local denial of service. Issuing nl80211 CONNECT and TDLS_OPER commands requires the privileges normally associated with network administration (CAP_NET_ADMIN in the interface's network namespace), so the trigger is not reachable by an unprivileged remote peer. Affected systems are those running a vulnerable kernel with a mac80211-based Wi-Fi driver in station mode, which covers most laptops and many embedded devices; whether TDLS is actually in use on the link does not matter, since the request is what triggers the warning. In hardened environments that set panic_on_warn (common in fuzzing, CI and some appliance configurations) the warning becomes a reboot of the affected host.

The fix rejects the operation early in ieee80211_tdls_oper() when the interface is not in station mode or the station is not associated, so the later code paths can continue to assume that the managed-mode state was set up. The attack maps to ATT&CK T1499.004 (Endpoint Denial of Service: Application or System Exploitation). Administrators should apply the updated kernel; as an interim detection, a WARNING splat in the kernel log whose backtrace includes ieee80211_tdls_oper is a direct indicator of this path being hit, and it should not occur on a correctly functioning client.
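The following is an added user-space model of the ordering problem and of the early rejection the fix introduces. It is not mac80211 code and not the upstream patch: the struct names, the WARN_ON_ONCE stand-in, the peer address and the exact check performed by the enable-link path are assumptions chosen to mirror the sequence described in the commit message (CONNECT, then TDLS ENABLE_LINK before association, with tdls_peer never having been set by TDLS setup).

```c
/* Hypothetical model of CVE-2025-38644 (not kernel code): shows why an
 * ENABLE_LINK issued before association trips a WARN, and how an early
 * "not associated" rejection prevents it without breaking the valid path. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6

enum iftype { IFTYPE_AP, IFTYPE_STATION };
enum tdls_oper { TDLS_SETUP, TDLS_ENABLE_LINK, TDLS_DISABLE_LINK };

/* Subset of per-interface managed-mode state relevant to the bug. */
struct mgd {
    bool associated;                   /* set once association completes */
    unsigned char tdls_peer[ETH_ALEN]; /* all-zero until TDLS setup runs */
};

struct sdata {
    enum iftype type;
    struct mgd mgd;
};

/* Stand-in for WARN_ON_ONCE(): count instead of printing a splat. */
static int warn_count;
#define WARN_ON_ONCE(cond) ((cond) ? (warn_count++, 1) : 0)

int last_warn_count(void) { return warn_count; }

static bool is_zero_ether_addr(const unsigned char *a)
{
    static const unsigned char zero[ETH_ALEN];
    return memcmp(a, zero, ETH_ALEN) == 0;
}

/* NL80211_CMD_CONNECT: auth/assoc starts, station is NOT associated yet. */
static void nl80211_connect(struct sdata *s)
{
    s->mgd.associated = false;
    memset(s->mgd.tdls_peer, 0, ETH_ALEN);
}

/* Association response accepted. */
static void assoc_complete(struct sdata *s) { s->mgd.associated = true; }

/* TDLS setup records the peer; in the valid flow it runs after association. */
static int tdls_setup(struct sdata *s, const unsigned char *peer)
{
    if (!s->mgd.associated)
        return -EINVAL;
    memcpy(s->mgd.tdls_peer, peer, ETH_ALEN);
    return 0;
}

/* Body of ENABLE_LINK. It assumes setup already filled in tdls_peer;
 * that assumption is what the premature request violates. */
static int tdls_enable_link(struct sdata *s, const unsigned char *peer)
{
    WARN_ON_ONCE(is_zero_ether_addr(s->mgd.tdls_peer) ||
                 memcmp(s->mgd.tdls_peer, peer, ETH_ALEN) != 0);
    return 0; /* the original path did not fail on the WARN */
}

/* Before the fix: only the interface-type check guards the operation. */
int tdls_oper_unpatched(struct sdata *s, const unsigned char *peer, enum tdls_oper op)
{
    if (s->type != IFTYPE_STATION)
        return -EINVAL;
    if (op != TDLS_ENABLE_LINK)
        return -EOPNOTSUPP;
    return tdls_enable_link(s, peer);
}

/* After the fix: additionally reject when not associated. */
int tdls_oper_patched(struct sdata *s, const unsigned char *peer, enum tdls_oper op)
{
    if (s->type != IFTYPE_STATION)
        return -EINVAL;
    if (!s->mgd.associated) /* the added early rejection */
        return -EINVAL;
    if (op != TDLS_ENABLE_LINK)
        return -EOPNOTSUPP;
    return tdls_enable_link(s, peer);
}

typedef int (*tdls_oper_fn)(struct sdata *, const unsigned char *, enum tdls_oper);

/* Constructed peer address used by both sequences. */
static const unsigned char PEER[ETH_ALEN] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};

/* syzbot ordering: CONNECT, then ENABLE_LINK before association completes. */
int run_premature_enable(tdls_oper_fn oper)
{
    struct sdata s = { .type = IFTYPE_STATION };
    warn_count = 0;
    nl80211_connect(&s);
    return oper(&s, PEER, TDLS_ENABLE_LINK);
}

/* Legitimate ordering, which must keep working after the fix. */
int run_proper_enable(tdls_oper_fn oper)
{
    struct sdata s = { .type = IFTYPE_STATION };
    warn_count = 0;
    nl80211_connect(&s);
    assoc_complete(&s);
    if (tdls_setup(&s, PEER))
        return -1;
    return oper(&s, PEER, TDLS_ENABLE_LINK);
}

int main(void)
{
    int r = run_premature_enable(tdls_oper_unpatched);
    printf("unpatched, premature ENABLE_LINK: ret=%d warnings=%d\n", r, last_warn_count());
    r = run_premature_enable(tdls_oper_patched);
    printf("patched,   premature ENABLE_LINK: ret=%d warnings=%d\n", r, last_warn_count());
    r = run_proper_enable(tdls_oper_patched);
    printf("patched,   proper    ENABLE_LINK: ret=%d warnings=%d\n", r, last_warn_count());
    return 0;
}
```

The unpatched path returns success while hitting the warning, which is exactly the syzbot observation: the operation "works" but leaves a splat (or a panic under panic_on_warn). The patched path fails the premature request with -EINVAL before any peer state is consulted and leaves the legitimate connect, associate, setup, enable sequence untouched.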

Responsible

Linux

Reservation

04/16/2025

Disclosure

08/22/2025

Moderation

accepted

CPE

ready

EPSS

0.00147

KEV

no

Activities

very low

Sources
