CVE-2026-53102

Source
https://cve.org/CVERecord?id=CVE-2026-53102
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53102.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53102
Downstream
Published
2026-06-24T16:30:38.536Z
Modified
2026-07-08T08:13:45.515971393Z
Summary
wifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req()
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: Fix memory leak after mt76connacmcuallocsta_req()

mt76connacmcuallocstareq() allocates an skb which is expected to be freed eventually by mt76mcuskbsend_msg(). However, currently if an intermediate function fails before sending, the allocated skb is leaked.

Specifically, mt76connacmcustawedupdate() and mt76connacmcustakeytlv() may fail, leading to an immediate memory leak in the error path.

Fix this by explicitly freeing the skb in these error paths. Commit 7c0f63fe37a5 ("wifi: mt76: mt7996: fix memory leak on mt7996mcustakeytlv error") made a similar change.

Compile tested only. Issue found using a prototype static analysis tool and code review.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53102.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6683d988089ce0e80bd859a9493333b6b272420e
Fixed
eb466406d2094deefadc2cd6ddb4f6eeb086d1b4
Fixed
c41075ce8cf05ed8c0e7b7efef000dce548ffc42

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53102.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.18.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53102.json"