CVE-2026-46125
Severity CVSS v4.0:
Pending analysis
Type:
CWE-416
Use After Free
Publication date:
28/05/2026
Last modified:
30/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
wifi: mac80211: remove station if connection prep fails<br />
<br />
If connection preparation fails for MLO connections, then the<br />
interface is completely reset to non-MLD. In this case, we must<br />
not keep the station since it&#39;s related to the link of the vif<br />
being removed. Delete an existing station. Any "new_sta" is<br />
already being removed, so that doesn&#39;t need changes.<br />
<br />
This fixes a use-after-free/double-free in debugfs if that&#39;s<br />
enabled, because a vif going from MLD (and to MLD, but that&#39;s<br />
not relevant here) recreates its entire debugfs.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.0 (including) | 6.1.176 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.140 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.88 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.30 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/18fed0a209500bfea5c4c08609ec93855e4e500b
- https://git.kernel.org/stable/c/1c2b72ea89882aeb948340498391e69c58d466f1
- https://git.kernel.org/stable/c/283fc9e44ff5b5ac967439b4951b80bd4299f4e4
- https://git.kernel.org/stable/c/9e28654f79f443bca9b29ff3ae7cf18abfba58a0
- https://git.kernel.org/stable/c/afcbaed89cdc1a001b43270cbf5394bb4804270a
- https://git.kernel.org/stable/c/fe75fa1ac9a92990f7fc3d34b17808fd933071b2
- https://access.redhat.com/errata/RHSA-2026:26427
- https://access.redhat.com/errata/RHSA-2026:26428
- https://access.redhat.com/errata/RHSA-2026:26462
- https://access.redhat.com/errata/RHSA-2026:26515
- https://access.redhat.com/errata/RHSA-2026:26563
- https://access.redhat.com/errata/RHSA-2026:27288
- https://access.redhat.com/errata/RHSA-2026:27708
- https://access.redhat.com/errata/RHSA-2026:27731
- https://access.redhat.com/errata/RHSA-2026:27735
- https://access.redhat.com/errata/RHSA-2026:27789
- https://access.redhat.com/security/cve/CVE-2026-46125
- https://bugzilla.redhat.com/show_bug.cgi?id=2482608
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46125.json



