VDB

CVE-2026-23185

CVE-2026-23185 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mlo_scan_start_wk mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queue issue: if, for example, the work was queued and then drv_change_interface got executed. This can also cause use-after-free: if the work is executed after the vif is freed.

EPSS 0.02% · 5.5th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.02%
5.5th percentile

Affected Products

VendorProductVersions
LinuxLinux9748ad82a9d92b036ff3115207e36e2b9932e354, 9748ad82a9d92b036ff3115207e36e2b9932e354, 6.17
linuxlinux_kernel6.17, 6.19, 6.19

Exploit Intelligence

Timeline

  • Jan 13, 2026 CVE ID Reserved
  • Feb 14, 2026 CVE Published
  • Feb 15, 2026 EPSS Score
  • Feb 17, 2026 EPSS Score
  • Feb 19, 2026 EPSS Score
  • Feb 21, 2026 EPSS Score
  • Feb 22, 2026 EPSS Score
  • Feb 24, 2026 EPSS Score
  • Feb 26, 2026 EPSS Score
  • Feb 28, 2026 EPSS Score
  • Mar 2, 2026 EPSS Score
  • Mar 4, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›