Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath10k: fix dma_free_coherent() pointer

dma_alloc_coherent() allocates a DMA mapped buffer and stores the
addresses in XXX_unaligned fields. Those should be reused when freeing
the buffer rather than the aligned addresses.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel memory corruption
Action: Apply Patch
AI Analysis

Impact

A flaw in the ath10k wireless driver for the Linux kernel causes the DMA buffer freeing routine to use the wrong pointer. The allocation routine saves both aligned and unaligned addresses; the free routine should reuse the unaligned pointer but currently uses the aligned one. This mismatch can corrupt kernel memory, potentially allowing an attacker to alter kernel data structures. The official CVE text only states the risk of memory corruption; specific downstream effects such as privilege escalation are inferred but not explicitly documented in the input.

Affected Systems

All Linux kernel builds that include the ath10k driver and have not yet incorporated the fix commit are affected. This includes the generic Linux kernel and the 6.19 release‑candidate series from rc1 through rc6 as identified by the CPE strings. Users running any of these kernel versions without the patch are vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate likelihood of exploitation. The EPSS score of less than 1% suggests that the probability of an exploit being observed is very low. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker able to trigger a DMA operation in the ath10k driver, which could be achieved via crafted network traffic or malformed wireless packets, implying a local or remote network‑based attack vector. These details are inferred from the description rather than explicitly stated in the source.

Generated by OpenCVE AI on April 18, 2026 at 19:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the commit fixing the dma_free_coherent pointer mismatch
  • If a suitable kernel update is not available, apply the upstream patch to the ath10k driver source and rebuild the kernel
  • Reboot the system after installing the patch and monitor kernel logs for signs of memory corruption or unexpected behavior

Generated by OpenCVE AI on April 18, 2026 at 19:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8162-1 Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN Ubuntu USN USN-8180-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8180-2 Linux kernel (FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-8186-1 Linux kernel (Real-time) vulnerabilities
Ubuntu USN Ubuntu USN USN-8187-1 Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN Ubuntu USN USN-8188-1 Linux kernel (HWE) vulnerabilities
History

Sat, 18 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-762

Tue, 17 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Mon, 16 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Sat, 14 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses.
Title wifi: ath10k: fix dma_free_coherent() pointer
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T15:14:33.102Z

Reserved: 2026-01-13T15:37:45.971Z

Link: CVE-2026-23133

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-02-14T16:15:53.270

Modified: 2026-03-17T21:16:34.003

Link: CVE-2026-23133

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23133 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T19:45:08Z

Weaknesses