CVE-2026-23420
Received Received - Intake

Locking Bug in Linux wlcore WiFi Driver Causes Potential Deadlock

Vulnerability report for CVE-2026-23420, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-03

Last updated on: 2026-04-24

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl->mutex is locked before it is unlocked. This has been detected by the Clang thread-safety analyzer.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-03
Last Modified
2026-04-24
Generated
2026-07-06
AI Q&A
2026-04-03
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 15 associated CPEs
Vendor Product Version / Range
linux linux_kernel 4.19
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 4.19.1 (inc) to 5.10.253 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a locking bug in the Linux kernel's wlcore wifi driver. Specifically, the issue involves improper handling of a mutex lock (wl->mutex), where the code attempts to unlock the mutex without ensuring it was previously locked. This bug was detected by the Clang thread-safety analyzer and has been fixed by making sure the mutex is locked before it is unlocked.

Impact Analysis

This vulnerability involves a locking bug in the Linux kernel's wlcore wifi driver, where the mutex is not properly locked before being unlocked. Such a bug can lead to potential race conditions or thread-safety issues, which might cause system instability or crashes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23420. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart