CVE-2026-23420 - Vulnerability Details

- wifi: wlcore: Fix a locking bug

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: wlcore: Fix a locking bug

Make sure that wl->mutex is locked before it is unlocked. This has been
detected by the Clang thread-safety analyzer.

Published: 2026-04-03

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A locking bug was discovered in the wlcore wireless driver of the Linux kernel. The code attempted to release wl->mutex without first acquiring it, a defect detected by the Clang thread‑safety analyzer. The weakness relates to improper lock acquisition/release (CWE-667) and mutable data access without proper control (CWE-832). Due to the absent lock, concurrent accesses could manifest as race conditions, potentially leading to undefined kernel‐level behavior.

Affected Systems

The issue is present in any Linux kernel that incorporates the wlcore driver before the applied fix. Associated CPE entries cover Linux kernel 4.19 and the 7.0 series release candidates from rc1 through rc7, meaning that distributions shipping those kernels—or derivatives that include them—could be vulnerable. No specific vendor product name beyond the generic Linux Kernel is available.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium severity. An EPSS score of less than 1% signals a low likelihood of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that an attacker would need to influence the wlcore driver’s operation—likely through crafted Wi‑Fi traffic or other local interactions—to trigger the race condition. No active exploits are publicly documented, and the provided patch resolves the locking defect.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`45aa7f071b06c8481afed4c7b93e07c9584741e8`	affected	< 4ae8faf31b24c78653f4433298ee52813a56967a
`45aa7f071b06c8481afed4c7b93e07c9584741e8`	affected	< fc404390a386404cf9822d4091ccae1f61efcbcd
`45aa7f071b06c8481afed4c7b93e07c9584741e8`	affected	< 7ab511003c5ae3bf5364d7699a2e3ab1db513680
`45aa7f071b06c8481afed4c7b93e07c9584741e8`	affected	< aca4c9e4901b01b8b985993dc7df80bd1d1338bd
`45aa7f071b06c8481afed4c7b93e07c9584741e8`	affected	< 5feeea59ed142e15c3284d0b1a364c6786bf3487
`45aa7f071b06c8481afed4c7b93e07c9584741e8`	affected	< fcef983ad88832f3aa83491a174c345de57afbbd
`45aa7f071b06c8481afed4c7b93e07c9584741e8`	affected	< 1a1c28a08d74716f3f8e3a21c86b30d0ff13521a
`45aa7f071b06c8481afed4c7b93e07c9584741e8`	affected	< 72c6df8f284b3a49812ce2ac136727ace70acc7c

Linux

affected

Version	Status	Constraints
`4.19`	affected	—
`0`	unaffected	< 4.19
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.19:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[45aa7f071b06c8481afed4c7b93e07c9584741e8,7ab511003c5ae3bf5364d7699a2e3ab1db513680)`	affected	code_commit	—
`[45aa7f071b06c8481afed4c7b93e07c9584741e8,aca4c9e4901b01b8b985993dc7df80bd1d1338bd)`	affected	code_commit	—
`[45aa7f071b06c8481afed4c7b93e07c9584741e8,5feeea59ed142e15c3284d0b1a364c6786bf3487)`	affected	code_commit	—
`[45aa7f071b06c8481afed4c7b93e07c9584741e8,fcef983ad88832f3aa83491a174c345de57afbbd)`	affected	code_commit	—
`[45aa7f071b06c8481afed4c7b93e07c9584741e8,1a1c28a08d74716f3f8e3a21c86b30d0ff13521a)`	affected	code_commit	—
`[45aa7f071b06c8481afed4c7b93e07c9584741e8,72c6df8f284b3a49812ce2ac136727ace70acc7c)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.19`	affected	generic	—
`[0,4.19)`	unaffected	generic	—
`[6.1.167,6.1.*]`	unaffected	generic	—
`[6.6.130,6.6.*]`	unaffected	generic	—
`[6.12.77,6.12.*]`	unaffected	generic	—
`[6.18.17,6.18.*]`	unaffected	generic	—
`[7.0-rc3,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a Linux kernel update that contains the wlcore locking bug fix
If an update is not yet available, disable Wi‑Fi operations or unload the wlcore driver to keep the vulnerable code from executing
Monitor system logs for kernel instability events that may indicate driver‑related issues

Generated by OpenCVE AI on April 29, 2026 at 00:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1a1c28a08d74716f3f8e3a21c86b30d0ff13521a
https://git.kernel.org/stable/c/4ae8faf31b24c78653f4433298ee52813a56967a
https://git.kernel.org/stable/c/5feeea59ed142e15c3284d0b1a364c6786bf3487
https://git.kernel.org/stable/c/72c6df8f284b3a49812ce2ac136727ace70acc7c
https://git.kernel.org/stable/c/7ab511003c5ae3bf5364d7699a2e3ab1db513680
https://git.kernel.org/stable/c/aca4c9e4901b01b8b985993dc7df80bd1d1338bd
https://git.kernel.org/stable/c/fc404390a386404cf9822d4091ccae1f61efcbcd
https://git.kernel.org/stable/c/fcef983ad88832f3aa83491a174c345de57afbbd
https://lore.kernel.org/linux-cve-announce/2026040303-CVE-2026-23420-c110@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23420
https://www.cve.org/CVERecord?id=CVE-2026-23420

History

Fri, 24 Apr 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-667
CPEs		cpe:2.3:o:linux:linux_kernel:4.19:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

Sat, 18 Apr 2026 09:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/4ae8faf31b24c78653f4433298ee52813a56967a https://git.kernel.org/stable/c/fc404390a386404cf9822d4091ccae1f61efcbcd

Tue, 07 Apr 2026 08:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-362 CWE-366

Sat, 04 Apr 2026 01:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-832
References		https://lore.kernel.org/linux-cve-announce/2026040303-CVE-2026-23420-c110@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23420 https://www.cve.org/CVERecord?id=CVE-2026-23420
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Fri, 03 Apr 2026 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362 CWE-366

Fri, 03 Apr 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl->mutex is locked before it is unlocked. This has been detected by the Clang thread-safety analyzer.
Title		wifi: wlcore: Fix a locking bug
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1a1c28a08d74716f3f8e3a21c86b30d0ff13521a https://git.kernel.org/stable/c/5feeea59ed142e15c3284d0b1a364c6786bf3487 https://git.kernel.org/stable/c/72c6df8f284b3a49812ce2ac136727ace70acc7c https://git.kernel.org/stable/c/7ab511003c5ae3bf5364d7699a2e3ab1db513680 https://git.kernel.org/stable/c/aca4c9e4901b01b8b985993dc7df80bd1d1338bd https://git.kernel.org/stable/c/fcef983ad88832f3aa83491a174c345de57afbbd

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-04-03T13:24:29.681Z

Updated: 2026-04-18T08:58:48.786Z

Reserved: 2026-01-13T15:37:46.014Z

Link: CVE-2026-23420

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-04-03T14:16:28.027

Modified: 2026-04-24T15:21:23.107

Link: CVE-2026-23420

Redhat

Severity : Moderate

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23420 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-29T00:45:26Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object