Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: drop stray 'static' from fast-RX rx_result

ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but
its per-invocation rx_result is declared static. Concurrent callers then
share one instance and can overwrite each other's result between
ieee80211_rx_mesh_data() and the switch on res.

That can make a packet that was queued or consumed by
ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make
a packet that should continue return as queued.

Make res an automatic variable so each invocation keeps its own result.
Published: 2026-05-28
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a data‑race caused by a static rx_result variable in the ieee80211_invoke_fast_rx function. Because the rx_result is shared among concurrent callers, one packet’s result can overwrite another’s before it is acted on. This can cause a packet that should be queued or dropped to slip through into the wrong receive path, or a packet that should be processed to be discarded. The behavior may lead to incorrect data delivery or service interruption, but it does not grant code execution or arbitrary memory manipulation.

Affected Systems

All Linux kernel releases that include the mac80211 wireless stack are affected. The issue does not list specific kernel versions, so any build that has not applied the commit that removes the static keyword is vulnerable.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability. The EPSS score is less than 1%, implying a low likelihood of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. While the bug can degrade WiFi service quality or allow a crafted packet to bypass normal processing, no public exploitation has been reported. The likely attack vector would require an attacker to send specially crafted frames to a system with an active WiFi interface, suggesting the risk is moderate at best but mitigation is recommended.

Generated by OpenCVE AI on June 9, 2026 at 22:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch that removes the static rx_result variable, addressing CWE‑1058 (improper initialization of static variable).
  • Reboot the system so the updated kernel loads and the race condition is eliminated through proper synchronization.
  • Test WiFi functions to ensure the race condition no longer occurs, confirming that the concurrency issue has been resolved.

Generated by OpenCVE AI on June 9, 2026 at 22:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 29 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1058
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Thu, 28 May 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share one instance and can overwrite each other's result between ieee80211_rx_mesh_data() and the switch on res. That can make a packet that was queued or consumed by ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make a packet that should continue return as queued. Make res an automatic variable so each invocation keeps its own result.
Title wifi: mac80211: drop stray 'static' from fast-RX rx_result
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:58:25.196Z

Reserved: 2026-05-13T15:03:33.101Z

Link: CVE-2026-46152

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T10:16:30.827

Modified: 2026-06-09T21:06:47.187

Link: CVE-2026-46152

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46152 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T23:00:15Z

Weaknesses
  • CWE-1058

    Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element

  • NVD-CWE-noinfo