CVE-2026-46187
EUVD-2026-3281428.05.2026, 10:16
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exit(kthread_complete_and_exit) and external-stop (kthread_stop) when killing a kthread. Generally, kthread_stop() is called first, and in this case, no particular issues occur. However, in rare instances where kthread_complete_and_exit() is called first and then kthread_stop() is called, a UAF occurs because the kthread object, which has already exited and been freed, is accessed again. Therefore, to prevent this with minimal modification, you must remove kthread_stop() and change the code to wait until the self-exit operation is completed.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 3.18.139 ≤ 𝑥 < 3.19 |
| linux | linux_kernel | 4.4.179 ≤ 𝑥 < 4.5 |
| linux | linux_kernel | 4.9.170 ≤ 𝑥 < 4.10 |
| linux | linux_kernel | 4.14.113 ≤ 𝑥 < 4.15 |
| linux | linux_kernel | 4.19.36 ≤ 𝑥 < 5.10.258 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.209 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 6.1.175 |
| linux | linux_kernel | 6.2 ≤ 𝑥 < 6.6.140 |
| linux | linux_kernel | 6.7 ≤ 𝑥 < 6.12.88 |
| linux | linux_kernel | 6.13 ≤ 𝑥 < 6.18.30 |
| linux | linux_kernel | 6.19 ≤ 𝑥 < 7.0.7 |
| linux | linux_kernel | 7.1:rc1 |
| linux | linux_kernel | 7.1:rc2 |
𝑥
= Vulnerable software versions
Debian Releases
Vulnerability Media Exposure
References