Zero Day Monitor (ZDM)
CVE-2026-53258 · EXPLOITED · PATCHED
linux · linux kernel

wifi: fix leak if split 6 GHz scanning fails

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: fix leak if split 6 GHz scanning fails

rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's supposed to be released at ___cfg80211_scan_done() but this doesn't happen as rdev->scan_req is NULL at that point, too, leading to the early return from the freeing function.

    unreferenced object 0xffff8881161d0800 (size 512):
      comm "wpa_supplicant", pid 379, jiffies 4294749765
      hex dump (first 32 bytes):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff  ................
      backtrace (crc c867fdb6):
        kmemleak_alloc+0x89/0x90
        __kmalloc_noprof+0x2fd/0x410
        cfg80211_scan+0x133/0x730
        nl80211_trigger_scan+0xc69/0x1cc0
        genl_family_rcv_msg_doit+0x204/0x2f0
        genl_rcv_msg+0x431/0x6b0
        netlink_rcv_skb+0x143/0x3f0
        genl_rcv+0x27/0x40
        netlink_unicast+0x4f6/0x820
        netlink_sendmsg+0x797/0xce0
        __sock_sendmsg+0xc4/0x160
        ____sys_sendmsg+0x5e4/0x890
        ___sys_sendmsg+0xf8/0x180
        __sys_sendmsg+0x136/0x1e0
        __x64_sys_sendmsg+0x76/0xc0
        x64_sys_call+0x13f0/0x17d0

Affected Products

Vendor | Product | Versions
linux | linux kernel | c8cb5b854b40f2ce52ccd032fa19750f4181d5fc, c8cb5b854b40f2ce52ccd032fa19750f4181d5fc, c8cb5b854b40f2ce52ccd032fa19750f4181d5fc, 5.10, 6.18.35, 7.0.12, 6.18.36, 7.0.13, 7.1

References

  • https://git.kernel.org/stable/c/fb8db813eba2e56ee001c9fb5c2ce2cb78c42642
  • https://git.kernel.org/stable/c/a24134ddc18b4d440714365637d440b7121447b9
  • https://git.kernel.org/stable/c/e8694f7cc29287e843648d1075177b9a2000d957

Related News (3 articles)

Tier A · Microsoft MSRC · 2h ago
CVE-2026-53258 wifi: fix leak if split 6 GHz scanning fails
→ No new info (linked only)

Tier C · VulDB · 3d ago
CVE-2026-53258 | Linux Kernel up to 6.18.35/7.0.12 wifi cfg80211_scan int_scan_req memory leak
→ No new info (linked only)

Tier C · Linux Kernel CVEs · 3d ago
CVE-2026-53258: wifi: fix leak if split 6 GHz scanning fails
→ No new info (linked only)

CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 6.18.36, 7.0.13, 7.1
Published: Jun 25, 2026
Last enriched: 2d ago (v3)
Trending Score: 65
Source articles: 3
Independent: 3
Info Completeness: 8/14
Missing: cvss, epss, cwe, kev, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-31431 · EXP · KEV
crypto: algif_aead - Revert to operating out-of-place
Trending: 111

HIGH · CVE-2026-43284 · EXP · KEV
xfrm: esp: avoid in-place decrypt on shared skb frags
Trending: 106

HIGH · CVE-2026-43500 · EXP · KEV
rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
Trending: 100

HIGH · CVE-2026-46243 · EXP
smb: client: reject userspace cifs.spnego descriptions
Trending: 86

HIGH · CVE-2026-46333 · EXP
ptrace: slightly saner 'get_dumpable()' logic
Trending: 70

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Jun 25, 2026
Actively Exploited: Jun 25, 2026
Exploit Available: Jun 25, 2026
Patch Available: Jun 25, 2026
Discovered by ZDM: Jun 25, 2026
Updated (description, severity, affectedVersions): Jun 25, 2026
Updated (description, affectedVersions, exploitAvailable, activelyExploited, patchAvailable): Jun 25, 2026

Version History

v3 · Last enriched 2d ago

v3 · Tier C · 2d ago
Updated description with technical details, added affected versions, and marked exploit availability and active exploitation status as true.
description, affectedVersions, exploitAvailable, activelyExploited, patchAvailable
via Linux Kernel CVEs

v2 · Tier C · 3d ago
Updated severity to CRITICAL, added affected versions 6.18.35 and 7.0.12, and provided a new description with details about CVE-2026-53258.
description, severity, affectedVersions
via VulDB

v1 · 3d ago
Initial creation