CVE-2026-46187
4.7 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-...
Published: 2026-05-28 · Last updated: 2026-06-11
Severity and scoring
- CVSS: 4.7 MEDIUM
- Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-362
Affected products
| Vendor | Product |
|---|---|
| linux | linux_kernel |
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: rsi: fix kthread lifetime race between self-exit and external-stop

The RSI driver uses both self-exit (kthread_complete_and_exit) and external-stop (kthread_stop) when killing a kthread. Generally, kthread_stop() is called first, and in this case, no particular issues occur. However, in rare instances where kthread_complete_and_exit() is called first and then kthread_stop() is called, a UAF occurs because the kthread object, which has already exited and been freed, is accessed again. Therefore, to prevent this with minimal modification, you must remove kthread_stop() and change the code to wait until the self-exit operation is completed.
Source: NVD
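The pattern the description calls for, stopping a thread by waiting for its own exit signal instead of going through its handle, shown as a userspace pthread model. This is an added example, not the kernel patch or rsi driver code; `struct worker`, `start_and_kill` and `demo` are hypothetical names, and the detached pthread stands in for a kthread whose object is freed when it exits.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <time.h>

struct worker {                 /* userspace model, hypothetical names */
    pthread_mutex_t lock;
    pthread_cond_t cond;
    int stop_requested;         /* set by the killer */
    int exited;                 /* the "completion", set by the thread itself */
};
#define WORKER_INIT { PTHREAD_MUTEX_INITIALIZER, PTHREAD_COND_INITIALIZER, 0, 0 }

static void *worker_fn(void *arg)
{
    struct worker *w = arg;
    pthread_mutex_lock(&w->lock);
    while (!w->stop_requested)
        pthread_cond_wait(&w->cond, &w->lock);
    w->exited = 1;              /* plays the role of kthread_complete_and_exit() */
    pthread_cond_broadcast(&w->cond);
    pthread_mutex_unlock(&w->lock);
    return NULL;                /* detached: the thread object is reclaimed here */
}

/* Start a worker and stop it; delay_ms > 0 lets it exit before the killer waits. */
static int start_and_kill(struct worker *w, long delay_ms)
{
    struct timespec ts = { .tv_sec = delay_ms / 1000,
                           .tv_nsec = (delay_ms % 1000) * 1000000L };
    pthread_t tid;
    if (pthread_create(&tid, NULL, worker_fn, w) != 0)
        return 0;
    pthread_detach(tid);        /* from here on the handle is never used again */
    pthread_mutex_lock(&w->lock);
    w->stop_requested = 1;
    pthread_cond_broadcast(&w->cond);
    pthread_mutex_unlock(&w->lock);
    nanosleep(&ts, NULL);       /* window in which the worker may already be gone */
    pthread_mutex_lock(&w->lock);
    while (!w->exited)          /* wait for the self-exit; no kthread_stop() analogue */
        pthread_cond_wait(&w->cond, &w->lock);
    pthread_mutex_unlock(&w->lock);
    return 1;
}

/* Runs both orderings; returns how many ended with the exit safely observed. */
int demo(void)
{
    static struct worker a = WORKER_INIT, b = WORKER_INIT;
    return start_and_kill(&a, 0) + start_and_kill(&b, 50);
}
```

The 50 ms case forces the ordering from the description, where the thread has exited before the stopper acts; because the stopper only reads state it owns, that ordering is harmless.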
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-46187
- [Patch] https://git.kernel.org/stable/c/16d9f674c619838bdeae42abc0929c9c5477ea1f
- [Patch] https://git.kernel.org/stable/c/4ac3095da22fc50e51ec10c3b8323c21ab3e441a
- [Patch] https://git.kernel.org/stable/c/4f4c9b13c485abd0a2d2c97f9db339d1dd8e147f
- [Patch] https://git.kernel.org/stable/c/4f697813162d5f9151726a6d2bee82bffe4b0256
- [Patch] https://git.kernel.org/stable/c/4f9a4ae8d2c198f01611ea376034c326ef43ab56
- [Patch] https://git.kernel.org/stable/c/95fcb436586dc3c2983537d557ac05bbc6a027f3
- [Patch] https://git.kernel.org/stable/c/9dfe8a4458a063c6433526bc59112a169eee1aa3
- [Patch] https://git.kernel.org/stable/c/db57a1aa54ff68669781976e4edb045e09e2b65b
Related CVEs
Same vendor
- CVE-2026-46273 — In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapt... (8.6 HIGH)
- CVE-2026-46272 — In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode ... (4.7 MEDIUM)
- CVE-2026-46271 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi... (7.8 HIGH)
- CVE-2026-46270 — In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() ... (8.4 HIGH)
- CVE-2026-46269 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing dev... (5.5 MEDIUM)
Same CWE
- CVE-2026-48708 — OliveTin gives access to predefined shell commands from a web interface (7.5 HIGH)
- CVE-2026-54229 — A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method (7.0 HIGH)
- CVE-2026-12022 — Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process ... (8.3 HIGH)
- CVE-2026-46693 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)
- CVE-2026-44693 — Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker (8.8 HIGH)