CVE-2026-53112

Source
https://cve.org/CVERecord?id=CVE-2026-53112
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53112.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53112
Downstream
Published
2026-06-24T16:30:45.359Z
Modified
2026-07-08T08:09:45.555898952Z
Summary
wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcn_tasklet

The irqpreparebcntasklet is initialized in rtlpciinit() and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never killed in rtlpcideinit(). When the rtlwifi card probe fails or is being detached, the ieee80211hw is deallocated. However, irqpreparebcntasklet may still be running or pending, leading to use-after-free when the freed ieee80211hw is accessed in rtlpcipreparebcn_tasklet().

Similar to irqtasklet, add taskletkill() in rtlpcideinit() to ensure that irqpreparebcntasklet is properly terminated before the ieee80211hw is released.

The issue was identified through static analysis.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53112.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0c8173385e549f95cd80c3fff5aab87b4f881d8d
Fixed
ae10d4a1ab6bcaa1336abb171908a9a365761d3e
Fixed
fac1079e0fdec6df6d7562c21941587236dc3def
Fixed
e40873820c9d245ce482faa7ad514ebdb3b8d23d
Fixed
008c456b76e9070979bc0e763897a5d3b0fdd4dc
Fixed
7731b67bd59d1284d150cbe40a47e95a10613234
Fixed
aa10a452e34810987fb9f4a047995b30003fb53f
Fixed
3c0e8a3179e6325a7dc6ce221aef0e03d854ab4b
Fixed
039cd522dc70151da13329a5e3ae19b1736f468a

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53112.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.38
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53112.json"