CVE-2026-53258
Received - Intake
Memory Leak in Linux Kernel WiFi Subsystem

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: fix leak if split 6 GHz scanning fails

rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's supposed to be released at ___cfg80211_scan_done() but this doesn't happen as rdev->scan_req is NULL at that point, too, leading to the early return from the freeing function.

  unreferenced object 0xffff8881161d0800 (size 512):
    comm "wpa_supplicant", pid 379, jiffies 4294749765
    hex dump (first 32 bytes):
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff  ................
    backtrace (crc c867fdb6):
      kmemleak_alloc+0x89/0x90
      __kmalloc_noprof+0x2fd/0x410
      cfg80211_scan+0x133/0x730
      nl80211_trigger_scan+0xc69/0x1cc0
      genl_family_rcv_msg_doit+0x204/0x2f0
      genl_rcv_msg+0x431/0x6b0
      netlink_rcv_skb+0x143/0x3f0
      genl_rcv+0x27/0x40
      netlink_unicast+0x4f6/0x820
      netlink_sendmsg+0x797/0xce0
      __sock_sendmsg+0xc4/0x160
      ____sys_sendmsg+0x5e4/0x890
      ___sys_sendmsg+0xf8/0x180
      __sys_sendmsg+0x136/0x1e0
      __x64_sys_sendmsg+0x76/0xc0
      x64_sys_call+0x13f0/0x17d0

Found by Linux Verification Center (linuxtesting.org).

Affected Vendors & Products
Vendor: linux
Product: linux_kernel
Version / Range: *

Executive Summary

This vulnerability exists in the Linux kernel's WiFi subsystem (cfg80211). When a split 6 GHz scan fails in cfg80211_scan(), the scan request object (rdev->int_scan_req) is not released. It is supposed to be freed in ___cfg80211_scan_done(), but that function returns early because rdev->scan_req is also NULL at that point, so the object is leaked.

Impact Analysis

The impact of this vulnerability is a memory leak in the Linux kernel's WiFi scanning process. Over time, repeated failures in 6 GHz scanning could cause increased memory consumption, potentially leading to degraded system performance or instability. This could affect devices relying on the Linux kernel for WiFi connectivity, especially those frequently scanning 6 GHz networks.

Detection Guidance

This vulnerability involves a memory leak in the Linux kernel's wifi scanning functionality, specifically when split 6 GHz scanning fails. Detection would require monitoring for leaked scan request objects related to cfg80211_scan failures.

Since the leaked object is rdev->int_scan_req, which is never freed on this failure path, one way to detect it is to check for unreferenced kernel memory objects whose allocation backtrace passes through cfg80211_scan, using a kernel memory leak detection tool such as kmemleak.

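Commands to help detect this include triggering a kmemleak scan and reading its report (this requires root, a kernel built with CONFIG_DEBUG_KMEMLEAK and debugfs mounted at /sys/kernel/debug):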

  • echo scan > /sys/kernel/debug/kmemleak
  • cat /sys/kernel/debug/kmemleak

Additionally, monitoring system logs for messages related to wifi scanning failures or unusual behavior in wpa_supplicant processes might help identify the issue.
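
An added example, not part of the original advisory: a Python filter for kmemleak output that keeps only the records whose allocation backtrace passes through cfg80211_scan, the allocation site in the trace from the description. The sample report is constructed (its first record shortens that trace), and the names parse_kmemleak and scan_request_leaks are illustrative.

```python
import re

# Constructed sample in kmemleak report layout: record 1 reuses the trace quoted
# in the CVE description (shortened), record 2 is a made-up unrelated leak.
SAMPLE_REPORT = """\
unreferenced object 0xffff8881161d0800 (size 512):
  comm "wpa_supplicant", pid 379, jiffies 4294749765
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  backtrace (crc c867fdb6):
    kmemleak_alloc+0x89/0x90
    __kmalloc_noprof+0x2fd/0x410
    cfg80211_scan+0x133/0x730
    nl80211_trigger_scan+0xc69/0x1cc0
unreferenced object 0xffff888100aa0000 (size 64):
  comm "example_daemon", pid 42, jiffies 4294700000
  backtrace (crc 00000000):
    kmemleak_alloc+0x89/0x90
    example_driver_probe+0x10/0x80
"""

HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'^\s+comm "([^"]*)", pid (\d+)')
# Frame line "sym+0xoff/0xlen", optionally prefixed by "[<address>]".
FRAME = re.compile(r"^\s+(?:\[<[0-9a-f]+>\]\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kmemleak(text):
    """Split a kmemleak report into one dict per unreferenced object."""
    records = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            records.append({"addr": m[1], "size": int(m[2]), "comm": None, "frames": []})
        elif not records:
            continue  # text before the first record header
        elif m := COMM.match(line):
            records[-1]["comm"] = m[1]
        elif m := FRAME.match(line):
            records[-1]["frames"].append(m[1])
    return records

def scan_request_leaks(text, marker="cfg80211_scan"):
    """Records whose allocation backtrace contains the exact symbol `marker`."""
    return [r for r in parse_kmemleak(text) if marker in r["frames"]]

if __name__ == "__main__":
    for r in scan_request_leaks(SAMPLE_REPORT):
        print(r["addr"], r["size"], r["comm"], " <- ".join(r["frames"]))
```

To use it on a live system, pass the contents of /sys/kernel/debug/kmemleak to scan_request_leaks() in place of the sample.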

Mitigation Strategies

The vulnerability has been resolved in the Linux kernel by fixing the leak when split 6 GHz scanning fails. The immediate mitigation step is to update the Linux kernel to a version that includes this fix.

Until the kernel is updated, minimizing or disabling 6 GHz wifi scanning features might reduce the chance of triggering the leak.

Regularly monitor system stability and memory usage related to wifi scanning processes, and consider restarting network services or the system if leaks are suspected.
