CVE-2026-53258 | wifi: fix leak if split 6 GHz scanning fails

In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6 GHz scanning fails rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's supposed to be released at ___cfg80211_scan_done() but this doesn't happen as rdev->scan_req is NULL at that point, too, leading to the early return from the freeing function. unreferenced object 0xffff8881161d0800 (size 512): comm "wpa_supplicant", pid 379, jiffies 4294749765 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff ................ backtrace (crc c867fdb6): kmemleak_alloc+0x89/0x90 __kmalloc_noprof+0x2fd/0x410 cfg80211_scan+0x133/0x730 nl80211_trigger_scan+0xc69/0x1cc0 genl_family_rcv_msg_doit+0x204/0x2f0 genl_rcv_msg+0x431/0x6b0 netlink_rcv_skb+0x143/0x3f0 genl_rcv+0x27/0x40 netlink_unicast+0x4f6/0x820 netlink_sendmsg+0x797/0xce0 __sock_sendmsg+0xc4/0x160 ____sys_sendmsg+0x5e4/0x890 ___sys_sendmsg+0xf8/0x180 __sys_sendmsg+0x136/0x1e0 __x64_sys_sendmsg+0x76/0xc0 x64_sys_call+0x13f0/0x17d0 Found by Linux Verification Center (linuxtesting.org).

公開: 2026-06-25 最終更新: 2026-06-25 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 ソース: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD ステータス:ReceivedCVE の状態: published
参照: NVD, CVE.org, EUVD, JVN

CVE-2026-53258 は低リスク(5.7/100)。悪用される可能性が高い(EPSS 0.16%、6 パーセンタイル) 総合リスクは低く緊急対応は不要です。通常の保守サイクルでパッチを適用し、CVSS / EPSS が上昇したら優先度を見直してください。

リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。

CVE-2026-53258 の EPSS(Exploit Prediction Scoring System)スコア

EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。

# 日付 旧 EPSS スコア 新 EPSS スコア Δ(新 − 旧)
1 2026-06-25 0.16%

EPSS の全履歴 (全 1 件)

CVE-2026-53258 の CVSS(Common Vulnerability Scoring System)指標

この CVE の CVSS 指標。

この CVE のデータセットに CVSS はありません。

CVE-2026-53258 の弱点分類(列挙)

CVE-2026-53258 の GitHub Security Advisory

GHSA-pw6x-273j-mp83 · 深刻度: unknown — In the Linux kernel, the following vulnerability has been resolved: wifi: fix leak if split 6...

CVE-2026-53258 の OS トラッカー

vendor priority summary link
debian not yet assigned CVE-2026-53258 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): open 3, resolved 2. https://security-tracker.debian.org/tracker/CVE-2026-53258
suse medium CVE-2026-53258 severity moderate: SUSE including 14 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 53 product×package rows across 12 product lines (SUSE Linux Enterprise Live Patching 12 SP5, SUSE Linux Enterprise Micro 5.0, … (12 product lines)): Known Not Affected 53. https://www.suse.com/security/cve/CVE-2026-53258/
ubuntu medium CVE-2026-53258 medium priority: Ubuntu including 161 source packages (linux, linux-allwinner-5.19, …), 1449 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1045, ignored 172, needed 97, released 87, not-affected 45, needs-triage 3. https://ubuntu.com/security/CVE-2026-53258

CVE-2026-53258 の影響を受けるソフトウェア/構成

ベンダー 製品 バージョン 生の CPE
linux linux_kernel >= 5.10, < 6.18.36 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.10, < 7.0.13 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linux linux_kernel >= 5.10, < 7.1 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

CVE-2026-53258 の参考情報

cvelogic Threat Intelligence