CVE-2026-46152
Race Condition in Linux Kernel's mac80211 Fast-RX Mechanism
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's wifi mac80211 component. The function ieee80211_invoke_fast_rx() is intended to be safe for parallel reception (RX) of packets, but it uses a static variable for its per-invocation result (rx_result). Because this variable is static, concurrent calls to the function share the same instance, which can cause them to overwrite each other's results.
As a result, packets that were queued or consumed by one part of the code (ieee80211_rx_mesh_data()) might incorrectly fall through to another handler (ieee80211_rx_8023()), or packets that should continue processing might be incorrectly marked as queued. The fix was to change the static variable to an automatic variable so that each function call maintains its own independent result.
How can this vulnerability impact me? :
This vulnerability can cause incorrect handling of wifi packets in the Linux kernel. Specifically, packets may be misrouted or improperly processed due to concurrent calls overwriting shared state. This could lead to network instability, packet loss, or unexpected behavior in wireless communications.