CVE-2026-31394
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations ieee80211_chan_bw_change() iterates all stations and accesses link->reserved.oper via sta->sdata->link[link_id]. For stations on AP_VLAN interfaces (e.g. 4addr WDS clients), sta->sdata points to the VLAN sdata, whose link never participates in chanctx reservations. This leaves link->reserved.oper zero-initialized with chan == NULL, causing a NULL pointer dereference in __ieee80211_sta_cap_rx_bw() when accessing chandef->chan->band during CSA. Resolve the VLAN sdata to its parent AP sdata using get_bss_sdata() before accessing link data. [also change sta->sdata in ARRAY_SIZE even if it doesn't matter]
EPSS 0.02% · 3.2th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 6.19.10, 6.12.78, 6.18.20 |
| linux | linux_kernel | 0, 0, 0 |
Timeline
- Apr 3, 2026 CVE Published
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
- Apr 28, 2026 Security Advisory
References
- https://git.kernel.org/stable/c/65c25b588994dd422fea73fa322de56e1ae4a33b url
- https://git.kernel.org/stable/c/5a86d4e920d9783a198e39cf53f0e410fba5fbd6 url
- https://git.kernel.org/stable/c/3c6629e859a2211a1fbb4868f915413f80001ca5 url
- https://git.kernel.org/stable/c/672e5229e1ecfc2a3509b53adcb914d8b024a853 url
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33554 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34982 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33936 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21714 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21710 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-31394 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-29785 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-5201 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21713 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33216 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21715 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21716 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34714 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35177 advisory
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory
…and 63 more