Skip to main content

Linux Kernel CVE-2026-43052

| EUVDEUVD-2026-26651 HIGH
2026-05-01 Linux
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 20:31 vuln.today
CVSS changed
May 07, 2026 - 18:22 NVD
7.1 (HIGH)
Patch available
May 01, 2026 - 16:33 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26651
CVE Published
May 01, 2026 - 14:15 nvd
HIGH 7.1
CVE Published
May 01, 2026 - 14:15 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: check tdls flag in ieee80211_tdls_oper

When NL80211_TDLS_ENABLE_LINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDLS stations, causing unintended side effects like modifying channel context and HT protection before failing.

Add a check for sta->sta.tdls early in the ENABLE_LINK case, before any side effects occur, to ensure the operation is only allowed for actual TDLS peers.

AnalysisAI

Logic error in Linux kernel mac80211 TDLS handling allows local authenticated users to modify wireless channel context and HT protection settings by invoking NL80211_TDLS_ENABLE_LINK on non-TDLS stations. Missing validation causes the kernel to apply TDLS-specific operations to regular Wi-Fi stations, potentially disrupting wireless connectivity and creating integrity/availability impacts. Vendor patches available for kernel 6.12.81, 6.18.22, 6.19.12, and 7.0. EPSS score of 0.02% (5th percentile) indicates very low probability of exploitation despite CVSS 7.1 rating. No evidence of active exploitation or public POC identified at time of analysis.

Technical ContextAI

This vulnerability affects the mac80211 subsystem, the Linux kernel's software MAC layer for 802.11 wireless networking. TDLS (Tunneled Direct Link Setup, IEEE 802.11z) allows Wi-Fi clients on the same network to establish direct peer-to-peer connections without routing through the access point. The ieee80211_tdls_oper() function in net/mac80211/cfg.c handles TDLS management operations including link enablement. When processing NL80211_TDLS_ENABLE_LINK requests via the nl80211 netlink interface, the code verifies station existence via sta_info_get() but fails to validate the sta->sta.tdls flag before performing TDLS-specific operations like invoking ieee80211_vif_block_queues(), modifying channel contexts via ieee80211_vif_use_reserved_context(), and adjusting HT protection modes. This allows the TDLS code path to execute against infrastructure mode stations, causing the kernel to apply peer-to-peer connection parameters to traditional client-AP associations. The affected code has existed since the initial TDLS implementation but only triggers when userspace explicitly invokes TDLS operations, requiring interaction with nl80211-capable wireless management tools.

RemediationAI

Update to patched kernel versions: 6.12.81 or later for 6.12.x series, 6.18.22 or later for 6.18.x, 6.19.12 or later for 6.19.x, or 7.0 or later for mainline. Patches available from kernel.org git stable tree at https://git.kernel.org/stable/c/8148c2fda4ebb17104a573649c9b699208ad10ee (6.12), https://git.kernel.org/stable/c/be81f17151fcb8546a95f35ca8f4231b065985de (6.18), https://git.kernel.org/stable/c/7d73872d949c488a1d7c308031d6a9d89b5e0a8b (6.19), and https://git.kernel.org/stable/c/e77b2937aaa20264e4bd699d3244bdb50e7e3343 (7.0). Distribution-specific updates: check RHEL/CentOS, Ubuntu, Debian, SUSE advisories for backported patches. Workaround for systems unable to immediately patch: restrict nl80211 wireless management capabilities by removing CAP_NET_ADMIN from untrusted local users and limiting membership in netdev/wireless groups - this prevents unprivileged users from invoking TDLS operations entirely but may impact legitimate wireless management tools. Alternative compensating control: disable TDLS support at compile time by removing CONFIG_MAC80211_TDLS if TDLS functionality is not required in your environment, though this requires kernel rebuild and is impractical for most deployments. Note that restricting capabilities may break NetworkManager and similar tools for non-root users; test in staging environment first.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43052 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy