CVE-2026-23444
MEDIUM EPSS 2.9%
Published Apr 3, 20262mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published Apr 3, 2026 2mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure ieee80211_tx_prepare_skb() has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare() returning TX_DROP) does not free it, while invoke_tx_handlers() failure and the fragmentation check both do. Add kfree_skb() to the first error path so all three are consistent, and remove the now-redundant frees in callers (ath9k, mt76, mac80211_hwsim) to avoid double-free. Document the skb ownership guarantee in the function's kdoc.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
2.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-401
Affected Products 10
References 8
- git.kernel.org https://git.kernel.org/stable/c/06e769dddcbeb3baf2ce346273b53dd61fdbecf4
- git.kernel.org https://git.kernel.org/stable/c/3b4d27acafaeab478fd24f79ad6e593a892828b9
- git.kernel.org https://git.kernel.org/stable/c/50f1b690b4868923fbd242298def2fb88662f108
- git.kernel.org https://git.kernel.org/stable/c/5ef8ca1c164786da24169af155c1ca1ff1353cf8
- git.kernel.org https://git.kernel.org/stable/c/905ef207d5ed99ca64adfe39fba9ac46e434327a
- git.kernel.org https://git.kernel.org/stable/c/9a779d1f480e83720b5384adf165604e7ee226bd
- git.kernel.org https://git.kernel.org/stable/c/d5ad6ab61cbd89afdb60881f6274f74328af3ee9
- git.kernel.org https://git.kernel.org/stable/c/f77b51bcee7be2bb686b5f7a2d4a1921e4bdb9f4
Remediation
- git.kernel.org https://git.kernel.org/stable/c/06e769dddcbeb3baf2ce346273b53dd61fdbecf4
- git.kernel.org https://git.kernel.org/stable/c/50f1b690b4868923fbd242298def2fb88662f108
- git.kernel.org https://git.kernel.org/stable/c/d5ad6ab61cbd89afdb60881f6274f74328af3ee9