CVE-2025-38644: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-38644 is a vulnerability discovered in the Linux kernel affecting the wifi mac80211 subsystem. The issue was identified on August 22, 2025, and involves improper handling of TDLS (Tunneled Direct Link Setup) operations when a station is not associated. The vulnerability was reported by syzbot, which triggered a WARN condition in the ieee80211_tdls_oper() function (NVD).

The vulnerability occurs when NL80211_TDLS_ENABLE_LINK is sent immediately after NL80211_CMD_CONNECT, before the association is completed and without prior TDLS setup. This sequence leaves internal state variables, specifically sdata->u.mgd.tdls_peer, uninitialized, leading to a WARN_ON() condition in code paths that assumed the variable was valid (NVD).

While the direct impact appears to be limited to triggering a warning condition in the kernel, the uninitialized state could potentially lead to system instability or unexpected behavior in the wireless networking stack (NVD).

The vulnerability has been resolved by implementing early rejection of TDLS operations when the station is not in station mode or not associated. The fix has been incorporated into newer kernel versions, though some distributions may still be vulnerable. According to the Debian security tracker, the vulnerability remains unfixed in some versions but has been addressed in the forky and sid releases (Debian Tracker).