CVE-2026-23444

Source
https://cve.org/CVERecord?id=CVE-2026-23444
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23444.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-23444
Downstream
Related
Published
2026-04-03T15:15:28.464Z
Modified
2026-07-08T07:43:47.756988701Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: always free skb on ieee80211txprepare_skb() failure

ieee80211txprepareskb() has three error paths, but only two of them free the skb. The first error path (ieee80211txprepare() returning TXDROP) does not free it, while invoketxhandlers() failure and the fragmentation check both do.

Add kfreeskb() to the first error path so all three are consistent, and remove the now-redundant frees in callers (ath9k, mt76, mac80211hwsim) to avoid double-free.

Document the skb ownership guarantee in the function's kdoc.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23444.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
06be6b149f7e406bcf16098567f5a6c9f042bced
Fixed
905ef207d5ed99ca64adfe39fba9ac46e434327a
Fixed
5ef8ca1c164786da24169af155c1ca1ff1353cf8
Fixed
9a779d1f480e83720b5384adf165604e7ee226bd
Fixed
f77b51bcee7be2bb686b5f7a2d4a1921e4bdb9f4
Fixed
3b4d27acafaeab478fd24f79ad6e593a892828b9
Fixed
06e769dddcbeb3baf2ce346273b53dd61fdbecf4
Fixed
50f1b690b4868923fbd242298def2fb88662f108
Fixed
d5ad6ab61cbd89afdb60881f6274f74328af3ee9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23444.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.13.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.136
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.84
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.20
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23444.json"