CVE-2026-23185

CVE-2026-23185

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mlo_scan_start_wk mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queue issue: if, for example, the work was queued and then drv_change_interface got executed. This can also cause use-after-free: if the work is executed after the vif is freed.

Published Feb 16, 2026

https://lore.kernel.org/linux-cve-announce/2026021431-CVE-2026-23185-7d56@gregkh/

CVSS ScoreHigh

7.8

Vulnerabilities

CVE-2026-23185

Published Feb 16, 2026

https://lore.kernel.org/linux-cve-announce/2026021431-CVE-2026-23185-7d56@gregkh/

CVSS ScoreHigh

7.8

CVE-2026-23185 Security Details

CVE ID: CVE-2026-23185
CWE: CWE-416
CVE Description: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mlo_scan_start_wk mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queue issue: if, for example, the work was queued and then drv_change_interface got executed. This can also cause use-after-free: if the work is executed after the vif is freed.
Published: Feb 16, 2026
CVSS Score & Severity: 7.8High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.017%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://lore.kernel.org/linux-cve-announce/2026021431-CVE-2026-23185-7d56@gregkh/PROJECT

CVE-2026-23185 Security Details

CVE ID: CVE-2026-23185
CWE: CWE-416
CVE Description: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mlo_scan_start_wk mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queue issue: if, for example, the work was queued and then drv_change_interface got executed. This can also cause use-after-free: if the work is executed after the vif is freed.
Published: Feb 16, 2026
CVSS Score & Severity: 7.8High
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.017%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://lore.kernel.org/linux-cve-announce/2026021431-CVE-2026-23185-7d56@gregkh/PROJECT

Find vulnerabilities. Fix fast with AI.

CVE-2026-23185

CVE-2026-23185 Security Details

CVE-2026-23185 Security Details