183 matches found
PT-2026-52006
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the rtlwifi PCI component. The irq prepare bcn tasklet is initialized in rtl pci init and scheduled upon a RTL IMR BCNINT hardware interrupt. Because thi...
CVE-2026-46307
In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: The ath5k driver seems to do an array-index-out-of-bounds access as shown by the UBSAN kernel message: UBSAN: array-index-out-of-bounds in...
SUSE CVE-2026-46152
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
CVE-2026-46152
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rxresult ieee80211invokefastrx is documented as safe for parallel RX, but its per-invocation rxresult is declared static. Concurrent callers then share one instance and can overwri...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fixed a UAF in ieee80211scanrx The ieee80211scanrx function attempts to access scanreq-flags after a null check. However, a UAF Use-after-Allocation was observed when the scan is completed and ieee80211scancomplet...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mac80211: Fixed an error in the ieee80211chanbwchange function for APVLAN stations. The ieee80211chanbwchange function iterates through all stations and accesses link-reserved.oper via sta-sdata-linklinkid. For stations on...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fortify the spinlock against deadlock by interrupt In the function ieee80211txdequeue, there is a specific locking sequence: begin: spinlock&local-queuestopreasonlock; qstopped = local-queuestopreasonsq;...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: mt7915 – Corruption of the list after hardware restart. Since stations are recreated from scratch, all lists to which wcids is added must be cleared before calling ieee80211restarthw. Set wcid-sta to 0 for each wci...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: “wifi: mac80211: fix memory leak in ieee80211ifadd” This resolution involves committing changes in commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. The function ieee80211iffree is already called from freenetdevndev, because...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Do not return “unset power” in ieee80211gettxpower. We may receive a UBSAN warning if ieee80211gettxpower returns the INTMIN value that mac80211 internally uses for “unset power level”. UBSAN:...
Wireshark 2.4.x < 2.4.8 Multiple Vulnerabilities (macOS)
The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.4.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.4.8 advisory. - In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This wa...
mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations
...
SUSE CVE-2026-31394
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211chanbwchange for APVLAN stations ieee80211chanbwchange iterates all stations and accesses link-reserved.oper via sta-sdata-linklinkid. For stations on APVLAN interfaces e.g. 4addr WDS clients,...
CVE-2026-31394
CVE-2026-31394 concerns the Linux kernel mac80211 path where AP_VLAN (4addr) stations can trigger a NULL pointer dereference in __ieee80211_sta_cap_rx_bw() due to sta->sdata pointing to VLAN sdata, which may not participate in chanctx reservations. The root cause is that link->reserved.oper...
CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211txprepareskb failure ieee80211txprepareskb has three error paths, but only two of them free the skb. The first error path ieee80211txprepare returning TXDROP does not free it, while...
PT-2026-30139
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's mac80211 component related to the handling of skb socket buffer memory allocation within the ieee80211 tx prepare skb function. Specifically, the...
PT-2026-30177
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's mac80211 component, specifically within the ieee80211 chan bw change function. This function iterates through stations and accesses link-reserved.oper...
CVE-2026-23373
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Don't default to -EOPNOTSUPP in rsimac80211config This triggers a WARNON in ieee80211hwconfinit and isn't the expected behavior from the driver - other drivers default to 0 too...
CVE-2026-23246
CVE-2026-23246 affects the Linux kernel wifi mac80211 bounds-check in the ML Reconfiguration path. The issue arises from linking link_id (0-15) to the link_removal_timeout array (size 15), allowing an out-of-bounds write when link_id equals 15. The advisories state to skip subelements with link_i...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of boundary checks on the linkid parameter in the ieee80211mlreconfiguration function...