Linux Kernel brcmfmac Watchdog UAF on Stop
CVE-2026-46180 Published on May 28, 2026
wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task
Watchdog task might end between send_sig() and kthread_stop() calls, what
results in the use-after-free issue. Fix this by increasing watchdog task
reference count before calling send_sig() and dropping it by switching to
kthread_stop_put().
Products Associated with CVE-2026-46180
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version a9ffda88be7416b8336f644806c2b3ed3ce08b26 and below a21f735fb1017ef89c6f9dbf4d799513b4e7bd5a is affected.
- Version a9ffda88be7416b8336f644806c2b3ed3ce08b26 and below df2e90d6a9955510f24f1dada78cfc439fd9fa88 is affected.
- Version a9ffda88be7416b8336f644806c2b3ed3ce08b26 and below d616bb10de79e5c2bd8a24230a1128aeaf715615 is affected.
- Version a9ffda88be7416b8336f644806c2b3ed3ce08b26 and below ed4168d1a50fef5be8eca947fbbf05a28507d265 is affected.
- Version a9ffda88be7416b8336f644806c2b3ed3ce08b26 and below d16827cb1d3936f7627d0da6044483f743ebde03 is affected.
- Version a9ffda88be7416b8336f644806c2b3ed3ce08b26 and below 658d2e46c2e9a8eb9b80c5e803ce3c89885b3366 is affected.
- Version a9ffda88be7416b8336f644806c2b3ed3ce08b26 and below 908b92231e1ded53e43fcfad5e0704d83e1b803c is affected.
- Version a9ffda88be7416b8336f644806c2b3ed3ce08b26 and below c623b63580880cc742255eaed3d79804c1b91143 is affected.
- Version 3.3 is affected.
- Before 3.3 is unaffected.
- Version 5.10.259, <= 5.10.* is unaffected.
- Version 5.15.210, <= 5.15.* is unaffected.
- Version 6.1.176, <= 6.1.* is unaffected.
- Version 6.6.140, <= 6.6.* is unaffected.
- Version 6.12.88, <= 6.12.* is unaffected.
- Version 6.18.30, <= 6.18.* is unaffected.
- Version 7.0.7, <= 7.0.* is unaffected.
- Version 7.1, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.