VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Mar 25, 2026· Updated Apr 24, 2026

CVE-2026-23373

CVE-2026-23373

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config

This triggers a WARN_ON in ieee80211_hw_conf_init and isn't the expected behavior from the driver - other drivers default to 0 too.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's rsi WiFi driver, the rsi_mac80211_config function incorrectly returns -EOPNOTSUPP, triggering a WARN_ON in ieee80211_hw_conf_init.

Vulnerability

Overview

In the Linux kernel's rsi WiFi driver, the rsi_mac80211_config function was found to return the error code -EOPNOTSUPP by default. This behavior is inconsistent with other wireless drivers, which typically return 0 to indicate success. The issue triggers a WARN_ON in the ieee80211_hw_conf_init function, as the kernel expects a successful return from the driver configuration response [1][2].

Root

Cause and Impact

The root cause is a logic error in the driver's configuration callback. Instead of returning 0 to signal that the configuration was handled (or that no action was needed), the driver returns -EOPNOTSUPP, which is interpreted as an operation not supported. This leads to a kernel warning being emitted, which can cause unnecessary log spam and potentially destabilize the system if the warning is treated as a bug [3][4].

Mitigation

The fix, which has been applied to the Linux kernel stable branches, changes the default return value to 0, aligning the driver's behavior with other wireless drivers and preventing the spurious warning. Users are advised to update their kernel to a version containing this patch has been applied to [1][2][3][4].

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!
  4. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

10
  • Linux/Kernel10 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.9.1,<6.12.77
    • cpe:2.3:o:linux:linux_kernel:6.9:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
    • (no CPE)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.