QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-23336

Back to search

CVE-2026-23336

Published: Mar 25, 2026

Modified: May 11, 2026

PUBLISHED

CVSS v3.1

7.8

HIGH

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() There is a use-after-free error in cfg80211_shutdown_all_interfaces found by syzkaller: BUG: KASAN: use-after-free in cfg80211_shutdown_all_interfaces+0x213/0x220 Read of size 8 at addr ffff888112a78d98 by task kworker/0:5/5326 CPU: 0 UID: 0 PID: 5326 Comm: kworker/0:5 Not tainted 6.19.0-rc2 #2 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events cfg80211_rfkill_block_work Call Trace: <TASK> dump_stack_lvl+0x116/0x1f0 print_report+0xcd/0x630 kasan_report+0xe0/0x110 cfg80211_shutdown_all_interfaces+0x213/0x220 cfg80211_rfkill_block_work+0x1e/0x30 process_one_work+0x9cf/0x1b70 worker_thread+0x6c8/0xf10 kthread+0x3c5/0x780 ret_from_fork+0x56d/0x700 ret_from_fork_asm+0x1a/0x30 </TASK> The problem arises due to the rfkill_block work is not cancelled when wiphy is being unregistered. In order to fix the issue cancel the corresponding work in wiphy_unregister(). Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

VendorProductVersions

Linux

Linux

affected
1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3 - < 82a35356b5c1f75fe6a8a561db44e8d0e49da8f9
affected
1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3 - < b2e9626a9d16b9bbbd06498c9e73c93be354dc7a
affected
1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3 - < eeea8da43ab86ac0a6b9cec225eec91564346940
affected
1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3 - < fa18639deab4a3662d543200c5bfc29bf4e23173
affected
1f87f7d3a3b42b20f34cb03f0fd1a41c3d0e27f3 - < 57e39fe8da573435fa35975f414f4dc17d9f8449

+3 more versions

Linux

Linux

affected
2.6.31
unaffected
0 - < 2.6.31
unaffected
5.10.253 - <= 5.10.*
unaffected
5.15.203 - <= 5.15.*
unaffected
6.1.167 - <= 6.1.*

+5 more versions

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now