CVE-2026-23246

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23246
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23246.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23246
Downstream
Published
2026-03-18T10:05:08.312Z
Modified
2026-04-02T13:12:17.925381Z
Summary
wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: bounds-check linkid in ieee80211ml_reconfiguration

linkid is taken from the ML Reconfiguration element (control & 0x000f), so it can be 0..15. linkremovaltimeout[] has IEEE80211MLDMAXNUMLINKS (15) elements, so index 15 is out-of-bounds. Skip subelements with linkid >= IEEE80211MLDMAXNUMLINKS to avoid a stack out-of-bounds write.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23246.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8eb8dd2ffbbb6b0b8843b66754ee9f129f1b2d6c
Fixed
650981e718e68005ca2760a6358134b8a98ebea4
Fixed
bfde158d5d1322c0c2df398a8d1ccce04943be2e
Fixed
f35ceec54d48e227fa46f8f97fd100a77b8eab15
Fixed
d58d71c2167601762351962b9604808d3be94400
Fixed
162d331d833dc73a3e905a24c44dd33732af1fc5

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23246.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.5.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.77
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.17
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.7

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23246.json"