GHSA-3jpp-f2wm-pcvvHighCVSS 7.8

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel...

Published
February 14, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mld: cancel mlo_scan_start_wk

mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to.

This can cause an init-after-queue issue: if, for example, the work was queued and then drv_change_interface got executed.

This can also cause use-after-free: if the work is executed after the vif is freed.

🔗 References (7)