CVE-2026-46152

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/05/2026
Last modified:
30/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: mac80211: drop stray &amp;#39;static&amp;#39; from fast-RX rx_result<br /> <br /> ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but<br /> its per-invocation rx_result is declared static. Concurrent callers then<br /> share one instance and can overwrite each other&amp;#39;s result between<br /> ieee80211_rx_mesh_data() and the switch on res.<br /> <br /> That can make a packet that was queued or consumed by<br /> ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make<br /> a packet that should continue return as queued.<br /> <br /> Make res an automatic variable so each invocation keeps its own result.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.4 (including) 6.6.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.12.88 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13 (including) 6.18.30 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.19 (including) 7.0.7 (excluding)
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*