VYPR
High severity8.8NVD Advisory· Published May 28, 2026· Updated Jun 9, 2026

CVE-2026-46152

CVE-2026-46152

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: drop stray 'static' from fast-RX rx_result

ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but its per-invocation rx_result is declared static. Concurrent callers then share one instance and can overwrite each other's result between ieee80211_rx_mesh_data() and the switch on res.

That can make a packet that was queued or consumed by ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make a packet that should continue return as queued.

Make res an automatic variable so each invocation keeps its own result.

Affected products

78

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.