4.7

CVE-2026-46187

wifi: rsi: fix kthread lifetime race between self-exit and external-stop

In the Linux kernel, the following vulnerability has been resolved:

wifi: rsi: fix kthread lifetime race between self-exit and external-stop

RSI driver use both self-exit(kthread_complete_and_exit) and external-stop
(kthread_stop) when killing a kthread. Generally, kthread_stop() is called
first, and in this case, no particular issues occur.

However, in rare instances where kthread_complete_and_exit() is called
first and then kthread_stop() is called, a UAF occurs because the kthread
object, which has already exited and been freed, is accessed again.

Therefore, to prevent this with minimal modification, you must remove
kthread_stop() and change the code to wait until the self-exit operation
is completed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.18.139 < 3.19
LinuxLinux Kernel Version >= 4.4.179 < 4.5
LinuxLinux Kernel Version >= 4.9.170 < 4.10
LinuxLinux Kernel Version >= 4.14.113 < 4.15
LinuxLinux Kernel Version >= 4.19.36 < 5.10.258
LinuxLinux Kernel Version >= 5.11 < 5.15.209
LinuxLinux Kernel Version >= 5.16 < 6.1.175
LinuxLinux Kernel Version >= 6.2 < 6.6.140
LinuxLinux Kernel Version >= 6.7 < 6.12.88
LinuxLinux Kernel Version >= 6.13 < 6.18.30
LinuxLinux Kernel Version >= 6.19 < 7.0.7
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.007
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 1 3.6
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://git.kernel.org/stable/c/95fcb436586dc3c2983537d557ac05bbc6a027f3
Patch
https://git.kernel.org/stable/c/16d9f674c619838bdeae42abc0929c9c5477ea1f
Patch
https://git.kernel.org/stable/c/4f9a4ae8d2c198f01611ea376034c326ef43ab56
Patch
https://git.kernel.org/stable/c/4f4c9b13c485abd0a2d2c97f9db339d1dd8e147f
Patch
https://git.kernel.org/stable/c/db57a1aa54ff68669781976e4edb045e09e2b65b
Patch
https://git.kernel.org/stable/c/4ac3095da22fc50e51ec10c3b8323c21ab3e441a
Patch
https://git.kernel.org/stable/c/4f697813162d5f9151726a6d2bee82bffe4b0256
Patch
https://git.kernel.org/stable/c/9dfe8a4458a063c6433526bc59112a169eee1aa3
Patch