VDB
CVE-2026-23444
CVE-2026-23444
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure ieee80211_tx_prepare_skb() has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare() returning TX_DROP) does not free it, while invoke_tx_handlers() failure and the fragmentation check both do. Add kfree_skb() to the first error path so all three are consistent, and remove the now-redundant frees in callers (ath9k, mt76, mac80211_hwsim) to avoid double-free. Document the skb ownership guarantee in the function's kdoc.
EPSS 0.02% · 3.5th percentile
Risk Scores
EPSS Score
0.02%
3.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 3.13, 3.13, 3.13 |
| Linux | Linux | 06be6b149f7e406bcf16098567f5a6c9f042bced, 06be6b149f7e406bcf16098567f5a6c9f042bced, 6.18.20 |
Timeline
- Apr 3, 2026 CVE Published
- Apr 27, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/06e769dddcbeb3baf2ce346273b53dd61fdbecf4 url
- https://git.kernel.org/stable/c/50f1b690b4868923fbd242298def2fb88662f108 url
- https://git.kernel.org/stable/c/d5ad6ab61cbd89afdb60881f6274f74328af3ee9 url
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory