Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: wlcore: Fix a locking bug

Make sure that wl->mutex is locked before it is unlocked. This has been
detected by the Clang thread-safety analyzer.
Published: 2026-04-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential kernel instability and denial of service
Action: Apply patch
AI Analysis

Impact

The vulnerability is a locking bug in the wlcore wireless driver of the Linux kernel. The code could unlock wl->mutex without first acquiring it, which was detected by the Clang thread-safety analyzer. This incorrect use of the mutex can lead to race conditions and potentially corrupt kernel state, causing instability or a crash. The weakness is categorized as CWE-832, indicating mutable data accessed without controlling access.

Affected Systems

The bug affects the Linux kernel, specifically the wlcore wireless driver. No specific kernel version is listed, so any installation that includes wlcore before the fix may be vulnerable. The affected products are all distributions that ship with the Linux kernel containing this driver.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not part of the CISA KEV catalog, and no public exploits are currently reported. Exploitation would require influencing the timing of Wi‑Fi driver operations, likely demanding local network access or malicious Wi‑Fi packets; however, the exact attack vector is not specified in the advisory. The available patch mitigates the risk immediately.

Generated by OpenCVE AI on April 7, 2026 at 09:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that includes the wlcore locking bug patch
  • Verify that the installed kernel includes the commit that fixes the wl->mutex misuse
  • If an update cannot be applied immediately, disable Wi‑Fi functionality or unload the wlcore driver until a patch is available

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-366

Sat, 04 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-832
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-366

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl->mutex is locked before it is unlocked. This has been detected by the Clang thread-safety analyzer.
Title wifi: wlcore: Fix a locking bug
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-03T13:24:29.681Z

Reserved: 2026-01-13T15:37:46.014Z

Link: CVE-2026-23420

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-03T14:16:28.027

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-23420

Redhat

Severity : Moderate

Public Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23420 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-08T19:54:16Z

Weaknesses