CVE-2026-43052
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: check tdls flag in ieee80211_tdls_oper
When NL80211_TDLS_ENABLE_LINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDLS stations, causing unintended side effects like modifying channel context and HT protection before failing.
Add a check for sta->sta.tdls early in the ENABLE_LINK case, before any side effects occur, to ensure the operation is only allowed for actual TDLS peers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel wifi mac80211 missing TDLS station check in ieee80211_tdls_oper could trigger unintended side effects.
Vulnerability
Description
In the Linux kernel's mac80211 subsystem, the function ieee80211_tdls_oper lacked a check to verify whether the target station is actually a TDLS (Tunneled Direct Link Setup) station when processing the NL80211_TDLS_ENABLE_LINK command. The code only verified that the station exists, but not its TDLS status, allowing the operation to proceed for any station [1].
Exploitation and
Attack Surface
An attacker with the ability to trigger NL80211_TDLS_ENABLE_LINK on a non-TDLS station could cause the operation to go ahead before ultimately failing. During this process, the kernel may modify channel context and HT (High Throughput) protection settings as side effects, potentially impacting wireless connectivity for other stations [1]. The attack requires local access to the system, system or the ability to send crafted netlink commands.
Impact
Successful exploitation can lead to unintended modifications of channel context and HT protection, which may degrade Wi-Fi performance or cause denial of service for legitimate wireless peers. The vulnerability does not directly allow remote code execution but can disrupt network operations [1].
Mitigation
The fix adds an early check for sta->sta.tdls in the ENABLE_LINK case, before any side effects occur, ensuring the operation is only allowed for actual TDLS peers [1]. Users should apply the kernel patches that include commit 8148c2fda4ebb17104a573649c9b699208ad10ee and related stable backports as soon as possible.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6(expand)+ 5 more
- (no CPE)
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=3.2,<6.12.81
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026