CVE-2026-43052
Published: May 2, 2026Last modified: June 2, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211_tdls_oper When NL80211_TDLS_ENABLE_LINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDLS stations, causing unintended side effects like modifying channel context and HT protection before failing. Add a check for sta->sta.tdls early in the ENABLE_LINK case, before any side effects occur, to ensure the operation is only allowed for actual TDLS peers.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | HIGH |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.175-r0) |
| 25 LTS | linux-lts | Fixed (6.12.81-r0) | |
| Stream | linux-lts | Fixed (6.12.85-r0) |
References
- https://git.kernel.org/stable/c/44839ea7e96b3659a1606f3d5267063135479b7c
- https://git.kernel.org/stable/c/6813a8b1b240756dad4375f3e020ce10e4e3871b
- https://git.kernel.org/stable/c/7d73872d949c488a1d7c308031d6a9d89b5e0a8b
- https://git.kernel.org/stable/c/8148c2fda4ebb17104a573649c9b699208ad10ee
- https://git.kernel.org/stable/c/ba5b43db126a5e7378553869e3f7954d9187349f
- https://git.kernel.org/stable/c/be81f17151fcb8546a95f35ca8f4231b065985de
- https://git.kernel.org/stable/c/e77b2937aaa20264e4bd699d3244bdb50e7e3343