CVE-2026-23246
Published: Mar 18, 2026
Modified: May 11, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration link_id is taken from the ML Reconfiguration element (control & 0x000f), so it can be 0..15. link_removal_timeout[] has IEEE80211_MLD_MAX_NUM_LINKS (15) elements, so index 15 is out-of-bounds. Skip subelements with link_id >= IEEE80211_MLD_MAX_NUM_LINKS to avoid a stack out-of-bounds write.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8eb8dd2ffbbb6b0b8843b66754ee9f129f1b2d6c - < 650981e718e68005ca2760a6358134b8a98ebea4affected 8eb8dd2ffbbb6b0b8843b66754ee9f129f1b2d6c - < bfde158d5d1322c0c2df398a8d1ccce04943be2eaffected 8eb8dd2ffbbb6b0b8843b66754ee9f129f1b2d6c - < f35ceec54d48e227fa46f8f97fd100a77b8eab15affected 8eb8dd2ffbbb6b0b8843b66754ee9f129f1b2d6c - < d58d71c2167601762351962b9604808d3be94400affected 8eb8dd2ffbbb6b0b8843b66754ee9f129f1b2d6c - < 162d331d833dc73a3e905a24c44dd33732af1fc5 |
Linux | Linux | affected 6.5unaffected 0 - < 6.5unaffected 6.6.130 - <= 6.6.*unaffected 6.12.77 - <= 6.12.*unaffected 6.18.17 - <= 6.18.*+2 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now