CVE-2026-53258— wifi: fix leak if split 6 GHz scanning fails
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-53258
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
wifi: fix leak if split 6 GHz scanning fails
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's supposed to be released at ___cfg80211_scan_done() but this doesn't happen as rdev->scan_req is NULL at that point, too, leading to the early return from the freeing function. unreferenced object 0xffff8881161d0800 (size 512): comm "wpa_supplicant", pid 379, jiffies 4294749765 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff ................ backtrace (crc c867fdb6): kmemleak_alloc+0x89/0x90 __kmalloc_noprof+0x2fd/0x410 cfg80211_scan+0x133/0x730 nl80211_trigger_scan+0xc69/0x1cc0 genl_family_rcv_msg_doit+0x204/0x2f0 genl_rcv_msg+0x431/0x6b0 netlink_rcv_skb+0x143/0x3f0 genl_rcv+0x27/0x40 netlink_unicast+0x4f6/0x820 netlink_sendmsg+0x797/0xce0 __sock_sendmsg+0xc4/0x160 ____sys_sendmsg+0x5e4/0x890 ___sys_sendmsg+0xf8/0x180 __sys_sendmsg+0x136/0x1e0 __x64_sys_sendmsg+0x76/0xc0 x64_sys_call+0x13f0/0x17d0 Found by Linux Verification Center (linuxtesting.org).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-53258
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-53258
请登录查看更多情报信息。
Other References for CVE-2026-53258 (3)
Same Patch Batch · Linux · 2026-06-25 · 147 CVEs total
| CVE-2026-53185 | zram: fix use-after-free in zram_bvec_write_partial() | |
| CVE-2026-53167 | fuse: limit FUSE_NOTIFY_RETRIEVE to uptodate folios | |
| CVE-2026-53168 | fuse: reject fuse_notify() pagecache ops on directories | |
| CVE-2026-53169 | accel/ethosu: reject NPU_OP_RESIZE commands from userspace | |
| CVE-2026-53171 | accel/ethosu: fix arithmetic issues in dma_length() | |
| CVE-2026-53170 | accel/ethosu: reject DMA commands with uninitialized length | |
| CVE-2026-53172 | accel/ethosu: fix IFM region index out-of-bounds in command stream parser | |
| CVE-2026-53174 | ovl: keep err zero after successful ovl_cache_get() | |
| CVE-2026-53173 | accel/ethosu: fix OOB write in ethosu_gem_cmdstream_copy_and_validate() | |
| CVE-2026-53175 | inet: frags: fix use-after-free caused by the fqdir_pre_exit() flush | |
| CVE-2026-53177 | bnxt_en: Fix NULL pointer dereference | |
| CVE-2026-53176 | IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN | |
| CVE-2026-53178 | staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction | |
| CVE-2026-53180 | timers/migration: Fix livelock in tmigr_handle_remote_up() | |
| CVE-2026-53179 | staging: rtl8723bs: fix buffer over-read in rtw_update_protection | |
| CVE-2026-53181 | vsock/vmci: fix sk_ack_backlog leak on failed handshake | |
| CVE-2026-53182 | wifi: nl80211: reject oversized EMA RNR lists | |
| CVE-2026-53183 | mptcp: allow subflow rcv wnd to shrink | |
| CVE-2026-53184 | udp: clear skb->dev before running a sockmap verdict | |
| CVE-2026-53196 | USB: serial: io_ti: fix heap overflow in get_manuf_info() |
Showing top 20 of 147 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-53277
KVM: arm64: Take the SRCU lock for page table walks in fault - CVE-2026-53276
Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer - CVE-2026-53275
ipv6: mcast: Fix use-after-free when processing MLD queries - CVE-2026-53274
net/smc: fix sleep-inside-lock in __smc_setsockopt() causing - CVE-2026-53273
tee: optee: prevent use-after-free when the client exits bef
Same vendor: Linux
- CVE-2026-53277
KVM: arm64: Take the SRCU lock for page table walks in fault - CVE-2026-53276
Bluetooth: ISO: Fix a use-after-free of the hci_conn pointer - CVE-2026-53275
ipv6: mcast: Fix use-after-free when processing MLD queries - CVE-2026-53274
net/smc: fix sleep-inside-lock in __smc_setsockopt() causing - CVE-2026-53273
tee: optee: prevent use-after-free when the client exits bef
V. Comments for CVE-2026-53258
No comments yet