CVE-2026-46125
HIGH EPSS 18.3%
Published May 28, 20261mo ago · Modified Jun 19, 20261w ago
8.8 CVSS 3.1
Published May 28, 2026 1mo ago
Last Modified Jun 19, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface is completely reset to non-MLD. In this case, we must not keep the station since it's related to the link of the vif being removed. Delete an existing station. Any "new_sta" is already being removed, so that doesn't need changes. This fixes a use-after-free/double-free in debugfs if that's enabled, because a vif going from MLD (and to MLD, but that's not relevant here) recreates its entire debugfs.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
18.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
References 6
- git.kernel.org https://git.kernel.org/stable/c/18fed0a209500bfea5c4c08609ec93855e4e500b
- git.kernel.org https://git.kernel.org/stable/c/1c2b72ea89882aeb948340498391e69c58d466f1
- git.kernel.org https://git.kernel.org/stable/c/283fc9e44ff5b5ac967439b4951b80bd4299f4e4
- git.kernel.org https://git.kernel.org/stable/c/9e28654f79f443bca9b29ff3ae7cf18abfba58a0
- git.kernel.org https://git.kernel.org/stable/c/afcbaed89cdc1a001b43270cbf5394bb4804270a
- git.kernel.org https://git.kernel.org/stable/c/fe75fa1ac9a92990f7fc3d34b17808fd933071b2
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.