CVE-2026-46248
Received - Intake
Memory Leak in ath12k WiFi Driver

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: clear stale link mapping of ahvif->links_map

When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created (arvif->is_created remains false), the error path attempts to delete all links. However, link deletion only executes when arvif->is_created is true. As a result, ahvif retains a stale entry of arvif that is initialized but not created.

When a new arvif is initialized with the same link id, this stale mapping triggers the following WARN_ON.

WARNING: drivers/net/wireless/ath/ath12k/mac.c:4271 at ath12k_mac_op_change_vif_links+0x140/0x180 [ath12k], CPU#3: wpa_supplicant/275
Call trace:
 ath12k_mac_op_change_vif_links+0x140/0x180 [ath12k] (P)
 drv_change_vif_links+0xbc/0x1a4 [mac80211]
 ieee80211_vif_update_links+0x54c/0x6a0 [mac80211]
 ieee80211_vif_set_links+0x40/0x70 [mac80211]
 ieee80211_prep_connection+0x84/0x450 [mac80211]
 ieee80211_mgd_auth+0x200/0x480 [mac80211]
 ieee80211_auth+0x14/0x20 [mac80211]
 cfg80211_mlme_auth+0x90/0xf0 [cfg80211]
 nl80211_authenticate+0x32c/0x380 [cfg80211]
 genl_family_rcv_msg_doit+0xc8/0x134

Fix this issue by unassigning the link vif and clearing ahvif->links_map if arvif is only initialized but not created.

Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.5-01651-QCAHKSWPL_SILICONZ-1

Meta Information
Published: 2026-06-03
Last Modified: 2026-06-03
Generated: 2026-06-04
AI Q&A: 2026-06-03
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's wifi driver ath12k. It occurs when an arvif (a virtual interface) is initialized in non-AP STA mode but the MLO connection preparation fails before the arvif is fully created (arvif->is_created remains false). In this error state, the code attempts to delete all links, but link deletion only happens if arvif->is_created is true. As a result, a stale link mapping remains in ahvif->links_map for an arvif that was initialized but not created.

When a new arvif is initialized with the same link ID, this stale mapping causes a warning (WARN_ON) in the kernel, indicating an unexpected state or potential issue in the wireless driver.

The fix involves unassigning the link vif and clearing the ahvif->links_map if the arvif is only initialized but not created, preventing stale entries and the resulting warnings.


How can this vulnerability impact me?

This vulnerability can lead to stale link mappings in the wireless driver, which trigger kernel warnings and potentially unstable behavior in the wifi subsystem.

While the description does not explicitly mention remote code execution or privilege escalation, the presence of stale mappings and kernel warnings could cause instability or unexpected behavior in wireless connectivity, possibly affecting system reliability.

Users relying on affected Linux kernel versions with the ath12k driver might experience wifi connection issues or kernel warnings that could impact network performance or system logs.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring the system logs for specific warning messages related to the ath12k wireless driver.

  • Look for the warning message: "WARNING: drivers/net/wireless/ath/ath12k/mac.c:4271 at ath12k_mac_op_change_vif_links+0x140/0x180 [ath12k], CPU#X: wpa_supplicant/YYY" in the kernel logs.
  • Use the command: dmesg | grep ath12k_mac_op_change_vif_links to filter kernel messages related to this issue.
  • Check system logs with: journalctl -k | grep ath12k_mac_op_change_vif_links
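
As an added example (not part of the original page or of any kernel tooling), the script below extends the two grep commands above into a parser that reports one hit per WARN header with its source location, CPU and task. It matches on the function symbol rather than the line number or offsets, since those differ between builds. The function names ath12k_warn_hits and sample_log and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ath12k link-mapping WARN splats found in kernel log text.
# Usage on a live system: dmesg | ath12k_warn_hits
#                     or: journalctl -k | ath12k_warn_hits

# Print one line per WARN header: "<source:line> cpu=<n> task=<comm> pid=<pid>".
# Only the "WARNING:" header is matched, so the call-trace line that repeats
# the symbol is not counted as a second hit (a plain grep on the symbol
# returns both lines for every splat).
ath12k_warn_hits() {
    awk '
    /WARNING: / && /ath12k_mac_op_change_vif_links/ {
        line = $0
        sub(/[ \t\r]+$/, "", line)              # drop trailing whitespace or CR
        src = "?"; cpu = "?"; task = "?"; pid = "?"
        if (match(line, /WARNING: [^ ]+/))      # source file and line number
            src = substr(line, RSTART + 9, RLENGTH - 9)
        if (match(line, /CPU#[0-9]+: /)) {
            cpu = substr(line, RSTART + 4, RLENGTH - 6)
            rest = substr(line, RSTART + RLENGTH)   # remainder is "comm/pid"
            if (match(rest, "/[0-9]+$")) {          # pid follows the last slash
                task = substr(rest, 1, RSTART - 1)
                pid = substr(rest, RSTART + 1)
            }
        }
        printf "%s cpu=%s task=%s pid=%s\n", src, cpu, task, pid
    }'
}

# Constructed sample input (not captured from a real system): one dmesg-style
# splat with part of its trace, one journalctl-style header, one unrelated line.
sample_log() {
    cat <<'EOF'
[  101.000001] constructed unrelated kernel message
[  101.200002] WARNING: drivers/net/wireless/ath/ath12k/mac.c:4271 at ath12k_mac_op_change_vif_links+0x140/0x180 [ath12k], CPU#3: wpa_supplicant/275
[  101.200010] Call trace:
[  101.200011]  ath12k_mac_op_change_vif_links+0x140/0x180 [ath12k] (P)
[  101.200012]  drv_change_vif_links+0xbc/0x1a4 [mac80211]
Jun 03 10:15:42 host kernel: WARNING: drivers/net/wireless/ath/ath12k/mac.c:4271 at ath12k_mac_op_change_vif_links+0x140/0x180 [ath12k], CPU#1: wpa_supplicant/301
EOF
}

# Demonstration on the constructed sample.
sample_log | ath12k_warn_hits
```

Piping the output through `wc -l` gives the number of splats, which can be compared before and after a kernel update.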

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version where the issue has been fixed.

The fix involves clearing stale link mappings in the ath12k driver when an arvif is initialized but not created, preventing the stale entry from causing warnings or potential issues.

Until the update is applied, monitor for the warning messages and consider restarting the wireless interface or system to clear stale states.

