CVE-2026-23444
Published: Apr 3, 2026
Modified: Jun 1, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure ieee80211_tx_prepare_skb() has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare() returning TX_DROP) does not free it, while invoke_tx_handlers() failure and the fragmentation check both do. Add kfree_skb() to the first error path so all three are consistent, and remove the now-redundant frees in callers (ath9k, mt76, mac80211_hwsim) to avoid double-free. Document the skb ownership guarantee in the function's kdoc.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 06be6b149f7e406bcf16098567f5a6c9f042bced - < 905ef207d5ed99ca64adfe39fba9ac46e434327aaffected 06be6b149f7e406bcf16098567f5a6c9f042bced - < 5ef8ca1c164786da24169af155c1ca1ff1353cf8affected 06be6b149f7e406bcf16098567f5a6c9f042bced - < 9a779d1f480e83720b5384adf165604e7ee226bdaffected 06be6b149f7e406bcf16098567f5a6c9f042bced - < f77b51bcee7be2bb686b5f7a2d4a1921e4bdb9f4affected 06be6b149f7e406bcf16098567f5a6c9f042bced - < 3b4d27acafaeab478fd24f79ad6e593a892828b9+3 more versions |
Linux | Linux | affected 3.13unaffected 0 - < 3.13unaffected 5.10.258 - <= 5.10.*unaffected 5.15.209 - <= 5.15.*unaffected 6.1.175 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now