DEBIAN-CVE-2026-46248

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-46248

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-46248.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-46248

Upstream

CVE-2026-46248

Published

2026-06-03T18:16:25.097Z

Modified

2026-06-04T08:48:17.916019688Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif->linksmap When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created (arvif->iscreated remains false), the error path attempts to delete all links. However, link deletion only executes when arvif->iscreated is true. As a result, ahvif retains a stale entry of arvif that is initialized but not created. When a new arvif is initialized with the same link id, this stale mapping triggers the following WARNON. WARNING: drivers/net/wireless/ath/ath12k/mac.c:4271 at ath12kmacopchangeviflinks+0x140/0x180 [ath12k], CPU#3: wpasupplicant/275 Call trace: ath12kmacopchangeviflinks+0x140/0x180 [ath12k] (P) drvchangeviflinks+0xbc/0x1a4 [mac80211] ieee80211vifupdatelinks+0x54c/0x6a0 [mac80211] ieee80211vifsetlinks+0x40/0x70 [mac80211] ieee80211prepconnection+0x84/0x450 [mac80211] ieee80211mgdauth+0x200/0x480 [mac80211] ieee80211auth+0x14/0x20 [mac80211] cfg80211mlmeauth+0x90/0xf0 [cfg80211] nl80211authenticate+0x32c/0x380 [cfg80211] genlfamilyrcvmsgdoit+0xc8/0x134 Fix this issue by unassigning the link vif and clearing ahvif->linksmap if arvif is only initialized but not created. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.5-01651-QCAHKSWPLSILICONZ-1

References

https://security-tracker.debian.org/tracker/CVE-2026-46248

Affected packages

Debian:14 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source&distro=forky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.18.14-1

Affected versions

6.*

6.12.38-1

6.12.41-1

6.12.43-1~bpo12+1

6.12.43-1

6.12.48-1

6.12.57-1~bpo12+1

6.12.57-1

6.12.63-1~bpo12+1

6.12.63-1

6.12.69-1~bpo12+1

6.12.69-1

6.12.73-1~bpo12+1

6.12.73-1

6.12.74-1

6.12.74-2~bpo12+1

6.12.74-2

6.12.85-1~bpo12+1

6.12.85-1

6.12.86-1~bpo12+1

6.12.86-1

6.12.88-1~bpo12+1

6.12.88-1

6.12.90-1~bpo12+1

6.12.90-1

6.12.90-2~bpo12+1

6.12.90-2

6.13~rc6-1~exp1

6.13~rc7-1~exp1

6.13.2-1~exp1

6.13.3-1~exp1

6.13.4-1~exp1

6.13.5-1~exp1

6.13.6-1~exp1

6.13.7-1~exp1

6.13.8-1~exp1

6.13.9-1~exp1

6.13.10-1~exp1

6.13.11-1~exp1

6.14.3-1~exp1

6.14.5-1~exp1

6.14.6-1~exp1

6.15~rc7-1~exp1

6.15-1~exp1

6.15.1-1~exp1

6.15.2-1~exp1

6.15.3-1~exp1

6.15.4-1~exp1

6.15.5-1~exp1

6.15.6-1~exp1

6.16~rc7-1~exp1

6.16-1~exp1

6.16.1-1~exp1

6.16.3-1~bpo13+1

6.16.3-1

6.16.5-1

6.16.6-1

6.16.7-1

6.16.8-1

6.16.9-1

6.16.10-1

6.16.11-1

6.16.12-1~bpo13+1

6.16.12-1

6.16.12-2

6.17.2-1~exp1

6.17.5-1~exp1

6.17.6-1

6.17.7-1

6.17.7-2

6.17.8-1~bpo13+1

6.17.8-1

6.17.9-1

6.17.10-1

6.17.11-1

6.17.12-1

6.17.13-1~bpo13+1

6.17.13-1

6.18~rc4-1~exp1

6.18~rc4-1~exp2

6.18~rc5-1~exp1

6.18~rc6-1~exp1

6.18~rc7-1~exp1

6.18.1-1~exp1

6.18.2-1~exp1

6.18.3-1

6.18.5-1~bpo13+1

6.18.5-1

6.18.8-1

6.18.9-1~bpo13+1

6.18.9-1

6.18.10-1

6.18.12-1~bpo13+1

6.18.12-1

6.18.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-46248.json"