Linux Kernel: static rx_result in mac80211 fast-RX causes packet misrouting
CVE-2026-46152 Published on May 28, 2026
wifi: mac80211: drop stray 'static' from fast-RX rx_result
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: drop stray 'static' from fast-RX rx_result
ieee80211_invoke_fast_rx() is documented as safe for parallel RX, but
its per-invocation rx_result is declared static. Concurrent callers then
share one instance and can overwrite each other's result between
ieee80211_rx_mesh_data() and the switch on res.
That can make a packet that was queued or consumed by
ieee80211_rx_mesh_data() fall through into ieee80211_rx_8023(), or make
a packet that should continue return as queued.
Make res an automatic variable so each invocation keeps its own result.
Vulnerability Analysis
CVE-2026-46152 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element
The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or member data element.
Products Associated with CVE-2026-46152
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-46152 are published in these products:
Affected Versions
Linux:- Version 3468e1e0c639032a603450f0830ccabfa76f5806 and below 03584528bfffb195e384698af9148b94e42e3f14 is affected.
- Version 3468e1e0c639032a603450f0830ccabfa76f5806 and below 1739fc31b4de06c5c78ce0741182770fb079091e is affected.
- Version 3468e1e0c639032a603450f0830ccabfa76f5806 and below e131562d6f2b958148c35c98831b007f47f0e3d3 is affected.
- Version 3468e1e0c639032a603450f0830ccabfa76f5806 and below 3ef44f96ccc3e06e059dec57842e366f0c4b1893 is affected.
- Version 3468e1e0c639032a603450f0830ccabfa76f5806 and below 7a5b81e0c87a075afd572f659d8eb68c9c4cd2ba is affected.
- Version 6.4 is affected.
- Before 6.4 is unaffected.
- Version 6.6.140, <= 6.6.* is unaffected.
- Version 6.12.88, <= 6.12.* is unaffected.
- Version 6.18.30, <= 6.18.* is unaffected.
- Version 7.0.7, <= 7.0.* is unaffected.
- Version 7.1, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.