4 matches found
EUVD-2026-15203
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbsfreeadapter The lbsfreeadapter function uses timerdelete non-synchronous for both commandtimer and txlockuptimer before the structure is freed. This is incorrect because timerdelete does n...
CVE-2026-23281
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbsfreeadapter The lbsfreeadapter function uses timerdelete non-synchronous for both commandtimer and txlockuptimer before the structure is freed. This is incorrect because timerdelete does n...
CVE-2026-23281
In CVE-2026-23281, the Linux kernel Libertus wifi driver (lbs_free_adapter) uses non‑synchronous timer_delete() for command_timer and tx_lockup_timer, risking use‑after‑free if a timer callback runs during free. The callbacks (lbs_cmd_timeout_handler, lbs_tx_lockup_handler) access freed fields, c...
PT-2026-27646
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s wifi subsystem, specifically within the libertas driver. The lbs free adapter function incorrectly uses timer delete instead of timer delete sync for...