CVE-2026-23444 · EXPLOITED · PATCHED
linux · linux kernel

wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure

ieee80211_tx_prepare_skb() has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare() returning TX_DROP) does not free it, while invoke_tx_handlers() failure and the fragmentation check both do.

Add kfree_skb() to the first error path so all three are consistent, and remove the now-redundant frees in callers (ath9k, mt76, mac80211_hwsim) to avoid double-free.

Document the skb ownership guarantee in the function's kdoc.
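
The ownership rule in the description, as an added userspace model (not kernel code and not taken from the patch). The names `buf`, `prepare`, `fixed` and `caller_frees` are hypothetical, and frees are counted rather than performed so that a leak or a double free shows up as a count other than 1.

```c
#include <stdio.h>

/* Constructed userspace model, not kernel code: frees are counted instead of
 * performed, so a leak (0) or a double free (2) is observable without UB. */
struct buf { int frees; };
enum fail { OK, FAIL_PREPARE, FAIL_HANDLERS, FAIL_FRAG };

static void buf_free(struct buf *b) { b->frees++; }

/* Hypothetical stand-in for a prepare function with three error paths.
 * fixed == 0: the first error path does not free (pre-fix behaviour).
 * fixed == 1: every error path frees; the callee owns the buffer on failure. */
static int prepare(struct buf *b, enum fail f, int fixed)
{
    if (f == FAIL_PREPARE) {                     /* first error path */
        if (fixed)
            buf_free(b);
        return 0;
    }
    if (f == FAIL_HANDLERS || f == FAIL_FRAG) {  /* paths two and three */
        buf_free(b);
        return 0;
    }
    return 1;   /* success: buffer stays with the caller (model assumption) */
}

/* Total frees a buffer receives when prepare() fails via path f. */
static int frees_after_failure(enum fail f, int fixed, int caller_frees)
{
    struct buf b = { 0 };
    if (!prepare(&b, f, fixed) && caller_frees)
        buf_free(&b);                            /* caller-side free on failure */
    return b.frees;
}

/* Returns 1 only if every failure path ends with exactly one free. */
static int policy_is_safe(int fixed, int caller_frees)
{
    for (int f = FAIL_PREPARE; f <= FAIL_FRAG; f++)
        if (frees_after_failure((enum fail)f, fixed, caller_frees) != 1)
            return 0;
    return 1;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++)
        for (int cf = 0; cf <= 1; cf++)
            printf("fixed=%d caller_frees=%d safe=%d\n", fixed, cf, policy_is_safe(fixed, cf));
    return 0;
}
```

With the inconsistent callee no caller policy is correct on all three paths; only the consistent callee combined with callers that do not free yields exactly one free everywhere.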

Affected Products

Vendor: linux
Product: linux kernel
Versions: 06be6b149f7e406bcf16098567f5a6c9f042bced, 06be6b149f7e406bcf16098567f5a6c9f042bced, 06be6b149f7e406bcf16098567f5a6c9f042bced, 3.13, 6.18.20, 6.19.10, 7.0-rc5, 6.18.19, 6.19.9, 7.0-rc4

References

  • https://git.kernel.org/stable/c/06e769dddcbeb3baf2ce346273b53dd61fdbecf4
  • https://git.kernel.org/stable/c/50f1b690b4868923fbd242298def2fb88662f108
  • https://git.kernel.org/stable/c/d5ad6ab61cbd89afdb60881f6274f74328af3ee9

Related News (2 articles)

  • VulDB (Tier C, 5h ago): CVE-2026-23444 | Linux Kernel up to 6.18.19/6.19.9/7.0-rc4 wifi ieee80211_tx_prepare_skb double free → No new info (linked only)
  • Linux Kernel CVEs (Tier C, 5h ago): CVE-2026-23444: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure → No new info (linked only)

CISA KEV: No
Actively exploited: Yes
Patch available: 06e769dddcbeb3baf2ce346273b53dd61fdbecf4, 50f1b690b4868923fbd242298def2fb88662f108, d5ad6ab61cbd89afdb60881f6274f74328af3ee9, 0, 6.18.20, 6.19.10, 7.0-rc5
Published: Apr 3, 2026
Last enriched: 4h ago (v3)
Trending Score: 60
Source articles: 2
Independent: 2
Info Completeness: 8/14
Missing: cvss, epss, cwe, kev, iocs, mitre_attack


Related CVEs (5)

  • CVE-2026-23461 (CRITICAL, EXP): Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user. Trending: 60
  • CVE-2026-23475 (CRITICAL, EXP): spi: fix statistics allocation. Trending: 60
  • CVE-2026-23452 (CRITICAL, EXP): PM: runtime: Fix a race condition related to device removal. Trending: 60
  • CVE-2026-23443 (CRITICAL, EXP): ACPI: processor: Fix previous acpi_processor_errata_piix4() fix. Trending: 60
  • CVE-2026-23467 (CRITICAL, EXP): drm/i915/dmc: Fix an unlikely NULL pointer deference at probe. Trending: 60

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Apr 3, 2026
  • Actively Exploited: Apr 3, 2026
  • Exploit Available: Apr 3, 2026
  • Patch Available: Apr 3, 2026
  • Discovered by ZDM: Apr 3, 2026
  • Updated (description, affectedVersions, severity, exploitAvailable, activelyExploited): Apr 3, 2026
  • Updated (severity, affectedVersions): Apr 3, 2026

Version History

Current: v3, last enriched 4h ago

v3 (Tier C, 4h ago, via VulDB)
Updated severity to CRITICAL, added new affected versions, and noted no available exploit.
Changed fields: severity, affectedVersions

v2 (Tier C, 4h ago, via Linux Kernel CVEs)
Updated description with more technical detail, added affected versions 6.18.20, 6.19.10, and 7.0-rc5, changed severity to HIGH, and marked exploit availability and active exploitation as true.
Changed fields: description, affectedVersions, severity, exploitAvailable, activelyExploited

v1 (5h ago)
Initial creation