CVE Catalog

CVE-2026-46166

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the mac80211 subsystem due to unsafe list iteration in the radar detect work function. Calling ieee80211_dfs_cac_cancel can free and remove the iterated chanctx from the list, leading to a slab-use-after-free error.

Risk Assessment

The risk includes potential system instability, kernel panic, or privilege escalation by a local attacker, compromising system integrity and availability.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit with safe list iteration). Monitor official security advisories from your Linux distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211_dfs_cac_cancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS