FKIE_CVE-2026-23185

Vulnerability from fkie_nvd - Published: 2026-02-14 17:15 - Updated: 2026-02-18 17:52
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mlo_scan_start_wk mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queue issue: if, for example, the work was queued and then drv_change_interface got executed. This can also cause use-after-free: if the work is executed after the vif is freed.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5ff641011ab7fb63ea101251087745d9826e8ef5
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/9b9f52f052f4953fecd2190ae2dde3aa76d10962
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mld: cancel mlo_scan_start_wk\n\nmlo_scan_start_wk is not canceled on disconnection. In fact, it is not\ncanceled anywhere except in the restart cleanup, where we don\u0027t really\nhave to.\n\nThis can cause an init-after-queue issue: if, for example, the work was\nqueued and then drv_change_interface got executed.\n\nThis can also cause use-after-free: if the work is executed after the\nvif is freed."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nwifi: iwlwifi: mld: cancelar mlo_scan_start_wk\n\nmlo_scan_start_wk no se cancela en la desconexi\u00f3n. De hecho, no se\ncancela en ning\u00fan otro lugar excepto en la limpieza de reinicio, donde\nrealmente no es necesario.\n\nEsto puede causar un problema de inicializaci\u00f3n despu\u00e9s de la cola: si,\npor ejemplo, el trabajo fue puesto en cola y luego se ejecut\u00f3\ndrv_change_interface.\n\nEsto tambi\u00e9n puede causar uso despu\u00e9s de liberaci\u00f3n: si el trabajo se\nejecuta despu\u00e9s de que se libera el vif."
    }
  ],
  "id": "CVE-2026-23185",
  "lastModified": "2026-02-18T17:52:22.253",
  "metrics": {},
  "published": "2026-02-14T17:15:56.273",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5ff641011ab7fb63ea101251087745d9826e8ef5"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/9b9f52f052f4953fecd2190ae2dde3aa76d10962"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.