CVE-2026-46187

Published: May 28, 2026Modified: Jun 11, 2026

4.7

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exit(kthread_complete_and_exit) and external-stop (kthread_stop) when killing a kthread. Generally, kthread_stop() is called first, and in this case, no particular issues occur. However, in rare instances where kthread_complete_and_exit() is called first and then kthread_stop() is called, a UAF occurs because the kthread object, which has already exited and been freed, is accessed again. Therefore, to prevent this with minimal modification, you must remove kthread_stop() and change the code to wait until the self-exit operation is completed.

Affected (13)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.18.139 to 3.19
Linux Linux Kernel	From 4.14.113 to 4.15
Linux Linux Kernel	From 4.19.36 to 5.10.258
Linux Linux Kernel	From 4.4.179 to 4.5
Linux Linux Kernel	From 4.9.170 to 4.10
Linux Linux Kernel	From 5.11 to 5.15.209
Linux Linux Kernel	From 5.16 to 6.1.175
Linux Linux Kernel	From 6.13 to 6.18.30
Linux Linux Kernel	From 6.19 to 7.0.7
Linux Linux Kernel	From 6.2 to 6.6.140
Linux Linux Kernel	From 6.7 to 6.12.88
Linux Linux Kernel	Version 7.1 rc1
Linux Linux Kernel	Version 7.1 rc2