-

CVE-2026-53112

wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet

The irq_prepare_bcn_tasklet is initialized in rtl_pci_init() and
scheduled when RTL_IMR_BCNINT interrupt is triggered by hardware.
But it is never killed in rtl_pci_deinit(). When the rtlwifi card
probe fails or is being detached, the ieee80211_hw is deallocated.
However, irq_prepare_bcn_tasklet may still be running or pending,
leading to use-after-free when the freed ieee80211_hw is accessed
in _rtl_pci_prepare_bcn_tasklet().

Similar to irq_tasklet, add tasklet_kill() in rtl_pci_deinit() to
ensure that irq_prepare_bcn_tasklet is properly terminated before
the ieee80211_hw is released.

The issue was identified through static analysis.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 0c8173385e549f95cd80c3fff5aab87b4f881d8d
Version < ae10d4a1ab6bcaa1336abb171908a9a365761d3e
Status affected
Version 0c8173385e549f95cd80c3fff5aab87b4f881d8d
Version < fac1079e0fdec6df6d7562c21941587236dc3def
Status affected
Version 0c8173385e549f95cd80c3fff5aab87b4f881d8d
Version < e40873820c9d245ce482faa7ad514ebdb3b8d23d
Status affected
Version 0c8173385e549f95cd80c3fff5aab87b4f881d8d
Version < 008c456b76e9070979bc0e763897a5d3b0fdd4dc
Status affected
Version 0c8173385e549f95cd80c3fff5aab87b4f881d8d
Version < 7731b67bd59d1284d150cbe40a47e95a10613234
Status affected
Version 0c8173385e549f95cd80c3fff5aab87b4f881d8d
Version < aa10a452e34810987fb9f4a047995b30003fb53f
Status affected
Version 0c8173385e549f95cd80c3fff5aab87b4f881d8d
Version < 3c0e8a3179e6325a7dc6ce221aef0e03d854ab4b
Status affected
Version 0c8173385e549f95cd80c3fff5aab87b4f881d8d
Version < 039cd522dc70151da13329a5e3ae19b1736f468a
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 2.6.38
Status affected
Version 0
Version < 2.6.38
Status unaffected
Version <= 5.10.*
Version 5.10.258
Status unaffected
Version <= 5.15.*
Version 5.15.209
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.06
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/ae10d4a1ab6bcaa1336abb171908a9a365761d3e
https://git.kernel.org/stable/c/fac1079e0fdec6df6d7562c21941587236dc3def
https://git.kernel.org/stable/c/e40873820c9d245ce482faa7ad514ebdb3b8d23d
https://git.kernel.org/stable/c/008c456b76e9070979bc0e763897a5d3b0fdd4dc
https://git.kernel.org/stable/c/7731b67bd59d1284d150cbe40a47e95a10613234
https://git.kernel.org/stable/c/aa10a452e34810987fb9f4a047995b30003fb53f
https://git.kernel.org/stable/c/3c0e8a3179e6325a7dc6ce221aef0e03d854ab4b
https://git.kernel.org/stable/c/039cd522dc70151da13329a5e3ae19b1736f468a