kernel: wifi: mac80211: use safe list iteration in radar detect work

A flaw was found in the Linux kernel's mac80211 wireless subsystem. This vulnerability arises from unsafe list iteration during radar detection work, where a channel context can be freed while still being processed. This can lead to a use-after-free memory error. A successful exploit could result...

kernel: wifi: mac80211: use safe list iteration in radar detect work

A flaw was found in the Linux kernel's mac80211 wireless subsystem. This vulnerability arises from unsafe list iteration during radar detection work, where a channel context can be freed while still being processed. This can lead to a use-after-free memory error. A successful exploit could result...

kernel: wifi: mac80211: use safe list iteration in radar detect work

A flaw was found in the Linux kernel's mac80211 wireless subsystem. This vulnerability arises from unsafe list iteration during radar detection work, where a channel context can be freed while still being processed. This can lead to a use-after-free memory error. A successful exploit could result...

CVE-2026-46166

A flaw was found in the Linux kernel's mac80211 wireless subsystem. This vulnerability arises from unsafe list iteration during radar detection work, where a channel context can be freed while still being processed. This can lead to a use-after-free memory error. A successful exploit could result...

CVE-2026-46166

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...

CVE-2026-46166

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...

CVE-2026-46166

The CVE-2026-46166 affects the Linux kernel’s wireless subsystem (mac80211) in the radar detect work. The root cause is unsafe list iteration during radar processing, where ieee80211_dfs_cac_cancel can free the iterated chanctx and remove it from the list, causing a slab-use-after-free. A guarded...

EUVD-2026-32793

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...

PT-2026-44289

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-use-after-free error exists in the mac80211 wireless subsystem. The issue occurs during radar detect work when the ieee80211 dfs cac cancel function is called, which can cause the...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of use of a security list iteration in the mac80211 radar detection process. This...

Vulnerability of the ath11k_wmi_pdev_dfs_radar_detected_event() function in the drivers/net/wireless/ath/ath11k/wmi.c module – This driver provides support for Atheros/Qualcomm wireless adapter devices in the Linux operating system. It allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the ath11kwmipdevdfsradetectedevent function in the drivers/net/wireless/ath/ath11k/wmi.c module – the driver for Atheros/Qualcomm wireless adapter support in Linux operating systems – stems from the reutilization of previously freed memory. Exploiting this vulnerability can...

UBUNTU-CVE-2023-52776

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dfs-radar and temperature event locking The ath12k active pdevs are protected by RCU but the DFS-radar and temperature event handling code calling ath12kmacgetarbypdevid was not marked as a read-side critical...

SuSE 10 Security Update : madwifi (ZYPP Patch Number 4285)

This update fixes some bugs in madwifi : - possible security bug in radar detection code - dynamic Beacon Interval - Standardise Radiotap FCS Handling - fix wrong channel change behavior for AP mode - fix athhardstart returning 0 even if queue is full - rxantenna value is reset after suspend/resu...