8.8
CVE-2026-46125
- EPSS 0.3%
- Veröffentlicht 28.05.2026 09:35:39
- Zuletzt bearbeitet 30.06.2026 03:20:09
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
wifi: mac80211: remove station if connection prep fails
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface is completely reset to non-MLD. In this case, we must not keep the station since it's related to the link of the vif being removed. Delete an existing station. Any "new_sta" is already being removed, so that doesn't need changes. This fixes a use-after-free/double-free in debugfs if that's enabled, because a vif going from MLD (and to MLD, but that's not relevant here) recreates its entire debugfs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.0 < 6.1.176
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.140
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.88
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.30
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.7
Linux ≫ Linux Kernel Version7.1 Updaterc1
Linux ≫ Linux Kernel Version7.1 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.218 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
CWE-825 Expired Pointer Dereference
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
https://git.kernel.org/stable/c/fe75fa1ac9a92990f7fc3d34b17808fd933071b2
https://git.kernel.org/stable/c/afcbaed89cdc1a001b43270cbf5394bb4804270a
https://git.kernel.org/stable/c/9e28654f79f443bca9b29ff3ae7cf18abfba58a0
https://git.kernel.org/stable/c/1c2b72ea89882aeb948340498391e69c58d466f1
https://git.kernel.org/stable/c/283fc9e44ff5b5ac967439b4951b80bd4299f4e4
https://git.kernel.org/stable/c/18fed0a209500bfea5c4c08609ec93855e4e500b
https://access.redhat.com/errata/RHSA-2026:27288
https://access.redhat.com/errata/RHSA-2026:27731
https://access.redhat.com/errata/RHSA-2026:27789
https://access.redhat.com/errata/RHSA-2026:26427
https://access.redhat.com/errata/RHSA-2026:26428
https://access.redhat.com/errata/RHSA-2026:27708
https://access.redhat.com/errata/RHSA-2026:26462
https://access.redhat.com/errata/RHSA-2026:26515
https://access.redhat.com/errata/RHSA-2026:26563
https://access.redhat.com/errata/RHSA-2026:27735
https://access.redhat.com/security/cve/CVE-2026-46125
https://bugzilla.redhat.com/show_bug.cgi?id=2482608
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46125.json