CVE-2026-53182

Source
https://cve.org/CVERecord?id=CVE-2026-53182
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53182.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53182
Downstream
Related
Published
2026-06-25T08:38:56.654Z
Modified
2026-07-08T08:11:30.749719119Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
wifi: nl80211: reject oversized EMA RNR lists
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: nl80211: reject oversized EMA RNR lists

nl80211parsernrelems() stores the parsed element count in a u8-backed cfg80211rnr_elems::cnt field and uses that count to size the flexible array allocation.

Reject nested NL80211ATTREMARNRELEMS input once the count reaches 255, before incrementing it again. This keeps the parser aligned with the data structure it fills and matches the existing bound check used by nl80211parsembssid_elems().

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53182.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
56189d7bc30531def6b999f27940ee43c6ff2569
Fixed
fc0ec2fc02dfe52c5821f36fbccf6a45df43f508
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dbbb27e183b1568d5a907ace1cd144b0709ea52a
Fixed
688fcac7054abc680c0eef753f2bb772cfaf8cf7
Fixed
30c3fa80f423613efdda3deca4af52ff7d20e4e2
Fixed
265c07c09c837621730d35f02975207a1224bf05
Fixed
ecbf3c45add30a0857414e156bdb9c79906f0ff6
Fixed
4cd92957e8f8cc4ebfe8a5d4203c14c592fde6b1
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6.1.160
Fixed
6.1.176

Affected versions

v6.*
v6.1.160
v6.1.161
v6.1.162
v6.1.163
v6.1.164
v6.1.165
v6.1.166
v6.1.167
v6.1.168
v6.1.169
v6.1.170
v6.1.171
v6.1.172
v6.1.173
v6.1.174
v6.1.175

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53182.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53182.json"