In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: drop stray 'static' from fast-RX rx_result
ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but
its per-invocation rx_result is declared static. Concurrent callers then
share one instance and can overwrite each other's result between
ieee80211_rx_mesh_data() and the switch on res.
That can make a packet that was queued or consumed by
ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make
a packet that should continue return as queued.
Make res an automatic variable so each invocation keeps its own result.
| Score | Percentile |
|---|---|
| 0.17% | 6.30% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 8.8 | 3.1 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-j32m-c4xq-vrpg ↗ |
| CVE | CVE-2026-46152 ↗ |
| CWE id | Name |
|---|---|
| CWE-1058 | Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element |