CVE-2026-23130
Deadlock in Linux ath12k WiFi Driver Management Frame Flush
Publication date: 2026-02-14
Last updated on: 2026-03-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.14 (inc) to 6.18.8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-667 | The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a deadlock issue in the Linux kernel's ath12k WiFi driver related to flushing management frames.
The problem occurs because a management transmission work item was converted into a wiphy work, which requires running under a wiphy lock. When flushing pending frames with a NULL vif (virtual interface), the flush process holds the wiphy lock and waits for transmission to complete, but the transmission work cannot run because it needs the same lock, causing a deadlock.
From a user perspective, this deadlock manifests as repeated authentication attempts and aborted associations with WiFi access points, along with failure messages indicating that management packets remain pending and cannot be flushed.
The fix involves proactively running the queued work item by invoking wiphy_work_flush() earlier in the flush process to avoid the deadlock, especially when vif is NULL.
How can this vulnerability impact me? :
This vulnerability can cause your WiFi connection to experience deadlocks during management frame transmission, leading to repeated authentication attempts and aborted associations with wireless networks.
As a result, your device may fail to connect or maintain stable connections to WiFi access points, causing network disruptions and degraded wireless performance.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing specific deadlock symptoms in the wireless interface logs related to the ath12k driver. The user may notice repeated authentication attempts, aborted associations, and messages indicating failure to flush management transmit queues with pending management packets.
- Look for log entries similar to the following in system logs (e.g., using dmesg or journalctl):
- wlp8s0: authenticate with xxxxxx (local address=xxxxxx)
- wlp8s0: send auth to xxxxxx (try 1/3)
- wlp8s0: aborting association with xxxxxx by local choice (Reason: 3=DEAUTH_LEAVING)
- ath12k_pci 0000:08:00.0: failed to flush mgmt transmit queue, mgmt pkts pending 1
Commands to check these logs include:
- dmesg | grep ath12k
- journalctl -k | grep ath12k
- journalctl -u NetworkManager -e
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the ath12k deadlock issue. The fix involves modifying the ath12k_mac_op_flush() function to invoke wiphy_work_flush() even when the vif is NULL, preventing the deadlock.
If updating the kernel immediately is not possible, monitor the wireless interface logs for the deadlock symptoms and consider restarting the wireless interface or system to clear the deadlock condition temporarily.
Long term mitigation requires applying the patch that moves the wiphy_work_flush() call ahead to cover the case where vif is NULL, as described in the vulnerability details.