CVE-2026-53258 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: fix leak if split 6 GHz scanning fails

rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's
supposed to be released at ___cfg80211_scan_done() but this doesn't happen
as rdev->scan_req is NULL at that point, too, leading to the early return
from the freeing function.

unreferenced object 0xffff8881161d0800 (size 512):
comm "wpa_supplicant", pid 379, jiffies 4294749765
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff ................
backtrace (crc c867fdb6):
kmemleak_alloc+0x89/0x90
__kmalloc_noprof+0x2fd/0x410
cfg80211_scan+0x133/0x730
nl80211_trigger_scan+0xc69/0x1cc0
genl_family_rcv_msg_doit+0x204/0x2f0
genl_rcv_msg+0x431/0x6b0
netlink_rcv_skb+0x143/0x3f0
genl_rcv+0x27/0x40
netlink_unicast+0x4f6/0x820
netlink_sendmsg+0x797/0xce0
__sock_sendmsg+0xc4/0x160
____sys_sendmsg+0x5e4/0x890
___sys_sendmsg+0xf8/0x180
__sys_sendmsg+0x136/0x1e0
__x64_sys_sendmsg+0x76/0xc0
x64_sys_call+0x13f0/0x17d0

Found by Linux Verification Center (linuxtesting.org).

Published: 2026-06-25

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An unreferenced kernel memory object is left allocated when a 6 GHz Wi‑Fi scan fails. The rdev->int_scan_req structure is never freed because the cleanup path is bypassed, resulting in a memory leak that gradually consumes system RAM and can deteriorate kernel responsiveness

Affected Systems

All Linux kernel builds incorporating the affected wireless driver code before the patch, across all vendor distributions that use the upstream kernel. The issue is reported as a Linux kernel bug rather than a particular distribution package

Risk and Exploitability

The flaw is confined to a driver‑level memory allocation path and does not grant credential elevation or code execution. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. While exploitation is unlikely to be public, repeated failures could cause memory exhaustion and disrupt kernel operations

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`c8cb5b854b40f2ce52ccd032fa19750f4181d5fc`	affected	< fb8db813eba2e56ee001c9fb5c2ce2cb78c42642
`c8cb5b854b40f2ce52ccd032fa19750f4181d5fc`	affected	< a24134ddc18b4d440714365637d440b7121447b9
`c8cb5b854b40f2ce52ccd032fa19750f4181d5fc`	affected	< e8694f7cc29287e843648d1075177b9a2000d957

Linux

affected

Version	Status	Constraints
`5.10`	affected	—
`0`	unaffected	< 5.10
`6.18.36`	unaffected	≤ 6.18.*
`7.0.13`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to the latest release that contains the patched code for the wifi scanning path
If an immediate kernel update is not possible, disable 6 GHz Wi‑Fi scanning or the interface that triggers the failing scan to prevent the leak from occurring
After applying the update or disabling scanning, monitor kernel memory usage for any unexpected growth using appropriate kernel monitoring tools

Generated by OpenCVE AI on June 25, 2026 at 12:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00161.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/a24134ddc18b4d440714365637d440b7121447b9
https://git.kernel.org/stable/c/e8694f7cc29287e843648d1075177b9a2000d957
https://git.kernel.org/stable/c/fb8db813eba2e56ee001c9fb5c2ce2cb78c42642

History

Thu, 25 Jun 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's supposed to be released at ___cfg80211_scan_done() but this doesn't happen as rdev->scan_req is NULL at that point, too, leading to the early return from the freeing function. unreferenced object 0xffff8881161d0800 (size 512): comm "wpa_supplicant", pid 379, jiffies 4294749765 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff ................ backtrace (crc c867fdb6): kmemleak_alloc+0x89/0x90 __kmalloc_noprof+0x2fd/0x410 cfg80211_scan+0x133/0x730 nl80211_trigger_scan+0xc69/0x1cc0 genl_family_rcv_msg_doit+0x204/0x2f0 genl_rcv_msg+0x431/0x6b0 netlink_rcv_skb+0x143/0x3f0 genl_rcv+0x27/0x40 netlink_unicast+0x4f6/0x820 netlink_sendmsg+0x797/0xce0 __sock_sendmsg+0xc4/0x160 ____sys_sendmsg+0x5e4/0x890 ___sys_sendmsg+0xf8/0x180 __sys_sendmsg+0x136/0x1e0 __x64_sys_sendmsg+0x76/0xc0 x64_sys_call+0x13f0/0x17d0 Found by Linux Verification Center (linuxtesting.org).
Title		wifi: fix leak if split 6 GHz scanning fails
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/a24134ddc18b4d440714365637d440b7121447b9 https://git.kernel.org/stable/c/e8694f7cc29287e843648d1075177b9a2000d957 https://git.kernel.org/stable/c/fb8db813eba2e56ee001c9fb5c2ce2cb78c42642

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:39:47.917Z

Updated: 2026-06-25T08:39:47.917Z

Reserved: 2026-06-09T07:44:35.394Z

Link: CVE-2026-53258

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T12:15:03Z

Weaknesses

CWE-772
Missing Release of Resource after Effective Lifetime

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object