Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: check tdls flag in ieee80211_tdls_oper

When NL80211_TDLS_ENABLE_LINK is called, the code only checks if the
station exists but not whether it is actually a TDLS station. This
allows the operation to proceed for non-TDLS stations, causing
unintended side effects like modifying channel context and HT
protection before failing.

Add a check for sta->sta.tdls early in the ENABLE_LINK case, before
any side effects occur, to ensure the operation is only allowed for
actual TDLS peers.
Published: 2026-05-01
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s mac80211 wireless stack contains a logic flaw in the handling of the NL80211_TDLS_ENABLE_LINK command. The code checks only for the existence of a station but fails to verify that the station is actually a TDLS peer. This omission allows the operation to proceed for non‑TDLS stations, inadvertently triggering side effects such as modifying the channel context and HT protection before the operation ultimately fails. The result is unintended changes to the wireless configuration that can degrade connectivity, inject misconfiguration, or expose the device to fragile network states. This flaw is an internal kernel issue and does not involve direct remote code execution, but it presents an integrity and availability risk for devices running the affected kernel.

Affected Systems

Linux kernel installations that use the mac80211 Wi‑Fi subsystem without the patch that adds a proper TDLS flag check. Any kernel release predating the fix is considered vulnerable. Both major and minor distributions that ship standard Linux kernels are included, as the issue sits inside the kernel itself, not in a distribution‑specific module.

Risk and Exploitability

The vulnerability requires an attacker to send a netlink command (NL80211_TDLS_ENABLE_LINK) targeting a non‑TDLS station, a capability normally limited to users with sufficient privilege to interact with wireless devices. Because the EPSS score is <1% and the vulnerability is not listed in CISA KEV, the public likelihood of exploitation is uncertain. Nonetheless, the flaw can lead to denial of service or subtle mis‑configuration in wireless environments, and it may be exploited by adversaries seeking to destabilize network access on compromised Linux machines. The CVSS score of 7.1 reflects a medium‑to‑high severity assessment of the identified issue.

Generated by OpenCVE AI on May 7, 2026 at 22:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to the latest stable release that includes the commit adding a TDLS flag check in ieee80211_tdls_oper
  • If an immediate kernel update is not possible, disable TDLS support in the system’s wireless configuration or via sysfs to prevent nl80211_TDLS_ENABLE_LINK commands from being processed
  • Monitor system logs for unexpected TDLS operations and verify that channel context and HT protection settings remain unchanged after each network operation

Generated by OpenCVE AI on May 7, 2026 at 22:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-640

Thu, 07 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

Sat, 02 May 2026 10:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-640

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211_tdls_oper When NL80211_TDLS_ENABLE_LINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDLS stations, causing unintended side effects like modifying channel context and HT protection before failing. Add a check for sta->sta.tdls early in the ENABLE_LINK case, before any side effects occur, to ensure the operation is only allowed for actual TDLS peers.
Title wifi: mac80211: check tdls flag in ieee80211_tdls_oper
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:16:47.129Z

Reserved: 2026-05-01T14:12:55.980Z

Link: CVE-2026-43052

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-01T15:16:51.670

Modified: 2026-05-07T18:19:17.370

Link: CVE-2026-43052

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43052 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T22:30:36Z

Weaknesses