Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task

Watchdog task might end between send_sig() and kthread_stop() calls, which
results in the use-after-free issue. Fix this by increasing watchdog task
reference count before calling send_sig() and dropping it by switching to
kthread_stop_put().
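
The lifetime problem described above, as an added example that is neither the kernel patch nor code from this page: a userspace C model in which a counter stands in for the task's reference count. The names task_get, task_put, task_exit, model_kthread_stop and stop_watchdog are hypothetical, and the single self-reference the thread starts with is a simplifying assumption.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed userspace model of a task reference count; not kernel code. */
struct task { int usage; bool exited; bool freed; };
enum result { STOPPED_CLEANLY = 0, USE_AFTER_FREE = -1, LEAKED = 1 };

static void task_get(struct task *t) { t->usage++; } /* models get_task_struct() */
static void task_put(struct task *t)                 /* models put_task_struct() */
{
    if (--t->usage == 0)
        t->freed = true; /* the model marks the object instead of freeing it */
}

/* The watchdog thread returns: the reference it held on itself is dropped. */
static void task_exit(struct task *t)
{
    if (!t->exited) { t->exited = true; task_put(t); }
}

/* Models kthread_stop(): it touches the task, so the task must still exist. */
static bool model_kthread_stop(struct task *t)
{
    if (t->freed)
        return false;    /* the caller passed a dangling pointer */
    task_get(t);
    task_exit(t);        /* thread honours the stop request if still running */
    task_put(t);
    return true;
}

/* exits_early: the thread ends in the window right after the signal is sent. */
static enum result stop_watchdog(bool take_ref, bool exits_early)
{
    struct task t = { .usage = 1, .exited = false, .freed = false };
    if (take_ref)
        task_get(&t);    /* the fix: pin the task before send_sig() */
    if (exits_early)     /* send_sig() sits here; the thread may exit on its own */
        task_exit(&t);
    if (!model_kthread_stop(&t))
        return USE_AFTER_FREE;
    if (take_ref)
        task_put(&t);    /* the put half of kthread_stop_put() */
    return t.freed ? STOPPED_CLEANLY : LEAKED;
}

int main(void)
{
    printf("%d %d\n", stop_watchdog(false, true), stop_watchdog(true, true));
    return 0;
}
```

Only the combination of no extra reference and an early exit reaches the dangling-pointer branch; with the reference taken first, both orderings end with the task released exactly once.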
Published: 2026-05-28
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use-after-free flaw exists in the brcmfmac wireless driver of the Linux kernel. When the watchdog thread is stopped, the driver signals it with send_sig() and then calls kthread_stop(); if the thread ends between those two calls, the driver is left with a dangling pointer to the task. If an attacker can trigger this sequence, the kernel may dereference freed memory, which can lead to arbitrary code execution with kernel privileges. Based on the description, it is inferred that the flaw can be exploited via a race condition between send_sig() and the thread termination.

Affected Systems

Any Linux kernel that includes the brcmfmac driver is potentially affected. The advisory does not list specific kernel versions, so all installations using this driver should be reviewed and updated when the fix is available. Based on the description, it is inferred that any system with the brcmfmac driver compiled into the kernel is at risk.

Risk and Exploitability

EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, indicating no publicly known, widespread exploits. The CVSS score is 7.8, indicating a high severity. Nevertheless, because the flaw resides in kernel code, its exploitation would grant high‑privilege access. The risk remains significant if an attacker can influence the watchdog’s stop sequence, though no exploitation vector is documented in the available information. Based on the description, it is inferred that the likely attack vector is a race condition induced by stopping the watchdog thread from user space or another kernel component.

Generated by OpenCVE AI on June 11, 2026 at 04:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to a kernel version that incorporates the brcmfmac use‑after‑free fix, such as the latest distribution kernel releases.
  • If operating a custom kernel, cherry‑pick the commit that adds reference counting before send_sig() and replaces kthread_stop() with kthread_stop_put(), rebuild, and install the patched kernel.
  • If the brcmfmac driver cannot be updated or patched, disable it temporarily to prevent the defect from being exercised.

Advisories

No advisories yet.

History

Thu, 11 Jun 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CPEs cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 29 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-364
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Thu, 28 May 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task Watchdog task might end between send_sig() and kthread_stop() calls, what results in the use-after-free issue. Fix this by increasing watchdog task reference count before calling send_sig() and dropping it by switching to kthread_stop_put().
Title wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:00:40.767Z

Reserved: 2026-05-13T15:03:33.103Z

Link: CVE-2026-46180

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-28T10:16:33.643

Modified: 2026-06-11T03:00:18.130

Link: CVE-2026-46180

Redhat

Severity: Moderate

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46180 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-11T04:30:04Z

Weaknesses