Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's mac80211 component, specifically within the ieee80211_tdls_oper function. When the NL80211_TDLS_ENABLE_LINK command is issued, the function only verifies the existence of the station, without confirming if it is a TDLS station. This oversight allows the command to affect non-TDLS stations, leading to unintended consequences such as altering channel context and HT protection, before ultimately failing. The vulnerability has been addressed by adding a check for the TDLS status of the station early in the ENABLE_LINK process, preventing these side effects from occurring on non-TDLS peers.
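The check-ordering problem described above, as an added user-space model (not kernel code and not part of the original page): it contrasts a handler that mutates shared state before rejecting a non-TDLS station with one that rejects it first. All struct and function names, the error code, and the point at which the unchecked path fails are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
/* User-space model only: every name below is hypothetical, not a kernel symbol. */
struct model_sta   { bool tdls; bool link_enabled; };
struct model_iface { int chanctx_updates; int ht_prot_updates; };

/* Stands in for the channel-context and HT-protection changes the page mentions. */
static void apply_link_side_effects(struct model_iface *ifc)
{
    ifc->chanctx_updates++;
    ifc->ht_prot_updates++;
}

/* Before: only existence is checked up front; the failure comes after mutation. */
int enable_link_unchecked(struct model_iface *ifc, struct model_sta *sta)
{
    if (!sta) return -ENOLINK;      /* error code chosen for the model */
    apply_link_side_effects(ifc);
    if (!sta->tdls)
        return -ENOLINK;            /* too late: shared state already changed */
    sta->link_enabled = true;
    return 0;
}

/* After: reject non-TDLS stations before touching any shared state. */
int enable_link_checked(struct model_iface *ifc, struct model_sta *sta)
{
    if (!sta || !sta->tdls)
        return -ENOLINK;
    apply_link_side_effects(ifc);
    sta->link_enabled = true;
    return 0;
}

/* Side effects left behind by a failed call on a constructed non-TDLS station. */
int leaked_side_effects(int (*op)(struct model_iface *, struct model_sta *))
{
    struct model_iface ifc = {0};
    struct model_sta non_tdls = { .tdls = false, .link_enabled = false };
    if (op(&ifc, &non_tdls) == 0)
        return -1;                  /* the call must fail for a non-TDLS station */
    return ifc.chanctx_updates + ifc.ht_prot_updates;
}

int main(void)
{
    printf("leaked: unchecked=%d checked=%d\n", leaked_side_effects(enable_link_unchecked), leaked_side_effects(enable_link_checked));
    return 0;
}
```

Both variants return an error for the non-TDLS station; only the residual state differs, which is why a test for this class of bug has to inspect state after the failed call rather than the return code alone.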
Exploitation of this vulnerability could cause unintended modifications to the channel context and HT protection, potentially disrupting wireless communication and performance.
To reproduce this vulnerability, initiate the NL80211_TDLS_ENABLE_LINK command with a non-TDLS station. The function will proceed without the appropriate checks, allowing for unintended modifications before the operation fails.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the Linux Kernel Archives.