CVE-2026-46152
Published: May 28, 2026
Modified: May 30, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share one instance and can overwrite each other's result between ieee80211_rx_mesh_data() and the switch on res. That can make a packet that was queued or consumed by ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make a packet that should continue return as queued. Make res an automatic variable so each invocation keeps its own result.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 3468e1e0c639032a603450f0830ccabfa76f5806 - < 03584528bfffb195e384698af9148b94e42e3f14affected 3468e1e0c639032a603450f0830ccabfa76f5806 - < 1739fc31b4de06c5c78ce0741182770fb079091eaffected 3468e1e0c639032a603450f0830ccabfa76f5806 - < e131562d6f2b958148c35c98831b007f47f0e3d3affected 3468e1e0c639032a603450f0830ccabfa76f5806 - < 3ef44f96ccc3e06e059dec57842e366f0c4b1893affected 3468e1e0c639032a603450f0830ccabfa76f5806 - < 7a5b81e0c87a075afd572f659d8eb68c9c4cd2ba |
Linux | Linux | affected 6.4unaffected 0 - < 6.4unaffected 6.6.140 - <= 6.6.*unaffected 6.12.88 - <= 6.12.*unaffected 6.18.30 - <= 6.18.*+2 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now