8.8

CVE-2026-46152

wifi: mac80211: drop stray 'static' from fast-RX rx_result

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: drop stray 'static' from fast-RX rx_result

ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but
its per-invocation rx_result is declared static. Concurrent callers then
share one instance and can overwrite each other's result between
ieee80211_rx_mesh_data() and the switch on res.

That can make a packet that was queued or consumed by
ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make
a packet that should continue return as queued.

Make res an automatic variable so each invocation keeps its own result.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.4 < 6.6.140
LinuxLinux Kernel Version >= 6.7 < 6.12.88
LinuxLinux Kernel Version >= 6.13 < 6.18.30
LinuxLinux Kernel Version >= 6.19 < 7.0.7
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.063
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element

The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or member data element.

https://git.kernel.org/stable/c/03584528bfffb195e384698af9148b94e42e3f14
Patch
https://git.kernel.org/stable/c/1739fc31b4de06c5c78ce0741182770fb079091e
Patch
https://git.kernel.org/stable/c/e131562d6f2b958148c35c98831b007f47f0e3d3
Patch
https://git.kernel.org/stable/c/3ef44f96ccc3e06e059dec57842e366f0c4b1893
Patch
https://git.kernel.org/stable/c/7a5b81e0c87a075afd572f659d8eb68c9c4cd2ba
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=2482563
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46152.json
https://access.redhat.com/errata/RHSA-2026:26427
https://access.redhat.com/errata/RHSA-2026:26428
https://access.redhat.com/errata/RHSA-2026:27789
https://access.redhat.com/errata/RHSA-2026:27288
https://access.redhat.com/errata/RHSA-2026:36767
https://access.redhat.com/security/cve/CVE-2026-46152