Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: drop stray 'static' from fast-RX rx_result

ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but
its per-invocation rx_result is declared static. Concurrent callers then
share one instance and can overwrite each other's result between
ieee80211_rx_mesh_data() and the switch on res.

That can make a packet that was queued or consumed by
ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make
a packet that should continue return as queued.

Make res an automatic variable so each invocation keeps its own result.
Published: 2026-05-28
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a data‑race caused by a static rx_result variable in the ieee80211_invoke_fast_rx function. Because the rx_result is shared among concurrent callers, one packet’s result can overwrite another’s before it is acted on. This can cause a packet that should be queued or dropped to slip through into the wrong receive path, or a packet that should be processed to be discarded. The behavior may lead to incorrect data delivery or service interruption, but it does not grant code execution or arbitrary memory manipulation.

Affected Systems

All Linux kernel releases that include the mac80211 wireless stack are affected. The issue does not list specific kernel versions, so any build that has not applied the commit that removes the static keyword is vulnerable.

Risk and Exploitability

No CVSS score or EPSS data is published, and the vulnerability is not listed in CISA’s KEV catalog. While the bug can degrade WiFi service quality or allow a crafted packet to bypass normal processing, no public exploitation has been reported. The likely attack vector would require an attacker to send specially crafted frames to a system with an active WiFi interface, suggesting the risk is moderate at best but mitigation is recommended.

Generated by OpenCVE AI on May 28, 2026 at 11:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel version that includes the commit removing the static rx_result variable.
  • Reboot the system so the updated kernel is loaded and all wireless drivers reinitialize.
  • Verify WiFi functionality in a test environment after the patch to confirm the race condition no longer occurs.

Generated by OpenCVE AI on May 28, 2026 at 11:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: drop stray 'static' from fast-RX rx_result ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share one instance and can overwrite each other's result between ieee80211_rx_mesh_data() and the switch on res. That can make a packet that was queued or consumed by ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make a packet that should continue return as queued. Make res an automatic variable so each invocation keeps its own result.
Title wifi: mac80211: drop stray 'static' from fast-RX rx_result
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:36:08.211Z

Reserved: 2026-05-13T15:03:33.101Z

Link: CVE-2026-46152

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-28T10:16:30.827

Modified: 2026-05-28T10:16:30.827

Link: CVE-2026-46152

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T11:45:16Z

Weaknesses