CVE-2026-46125
Published: May 28, 2026
Modified: May 30, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface is completely reset to non-MLD. In this case, we must not keep the station since it's related to the link of the vif being removed. Delete an existing station. Any "new_sta" is already being removed, so that doesn't need changes. This fixes a use-after-free/double-free in debugfs if that's enabled, because a vif going from MLD (and to MLD, but that's not relevant here) recreates its entire debugfs.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 81151ce462e533551f3284bfdb8e0f461c9220e6 - < fe75fa1ac9a92990f7fc3d34b17808fd933071b2affected 81151ce462e533551f3284bfdb8e0f461c9220e6 - < afcbaed89cdc1a001b43270cbf5394bb4804270aaffected 81151ce462e533551f3284bfdb8e0f461c9220e6 - < 9e28654f79f443bca9b29ff3ae7cf18abfba58a0affected 81151ce462e533551f3284bfdb8e0f461c9220e6 - < 1c2b72ea89882aeb948340498391e69c58d466f1affected 81151ce462e533551f3284bfdb8e0f461c9220e6 - < 283fc9e44ff5b5ac967439b4951b80bd4299f4e4 |
Linux | Linux | affected 6.0unaffected 0 - < 6.0unaffected 6.6.140 - <= 6.6.*unaffected 6.12.88 - <= 6.12.*unaffected 6.18.30 - <= 6.18.*+2 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now