In the Linux kernel, the following vulnerability has been resolved:
wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcn_tasklet
The irqpreparebcntasklet is initialized in rtlpciinit() and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never killed in rtlpcideinit(). When the rtlwifi card probe fails or is being detached, the ieee80211hw is deallocated. However, irqpreparebcntasklet may still be running or pending, leading to use-after-free when the freed ieee80211hw is accessed in rtlpcipreparebcn_tasklet().
Similar to irqtasklet, add taskletkill() in rtlpcideinit() to ensure that irqpreparebcntasklet is properly terminated before the ieee80211hw is released.
The issue was identified through static analysis.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53112.json",
"cna_assigner": "Linux"
}