CVE-2026-23444

Severity: MEDIUM (CVSS 3.1 base score 5.5) · EPSS 2.9%
Published Apr 3, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure

ieee80211_tx_prepare_skb() has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare() returning TX_DROP) does not free it, while invoke_tx_handlers() failure and the fragmentation check both do.

Add kfree_skb() to the first error path so all three are consistent, and remove the now-redundant frees in callers (ath9k, mt76, mac80211_hwsim) to avoid double-free.

Document the skb ownership guarantee in the function's kdoc.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-401

Affected Products 10

Vendor   Product        Version   Range
linux    linux_kernel   *         ≥3.13.1 – <6.18.20
linux    linux_kernel   *         ≥6.19 – <6.19.10
linux    linux_kernel   3.13      any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any
linux    linux_kernel   7.0       any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/06e769dddcbeb3baf2ce346273b53dd61fdbecf4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3b4d27acafaeab478fd24f79ad6e593a892828b9
  • git.kernel.org https://git.kernel.org/stable/c/50f1b690b4868923fbd242298def2fb88662f108
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5ef8ca1c164786da24169af155c1ca1ff1353cf8
  • git.kernel.org https://git.kernel.org/stable/c/905ef207d5ed99ca64adfe39fba9ac46e434327a
  • git.kernel.org https://git.kernel.org/stable/c/9a779d1f480e83720b5384adf165604e7ee226bd
  • git.kernel.org https://git.kernel.org/stable/c/d5ad6ab61cbd89afdb60881f6274f74328af3ee9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f77b51bcee7be2bb686b5f7a2d4a1921e4bdb9f4

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/06e769dddcbeb3baf2ce346273b53dd61fdbecf4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/50f1b690b4868923fbd242298def2fb88662f108
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d5ad6ab61cbd89afdb60881f6274f74328af3ee9
    Patch