CVE-2026-46187EPSS p0.7%
CVE-2026-46187CVE-2026-46187
linux / linux_kernel
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: rsi: fix kthread lifetime race between self-exit and external-stop
RSI driver use both self-exit(kthread_complete_and_exit) and external-stop
(kthread_stop) when killing a kthread. Generally, kthread_stop() is called
first, and in this case, no particular issues occur.
However, in rare instances where kthread_complete_and_exit() is called
first and then kthread_stop() is called, a UAF occurs because the kthread
object, which has already exited and been freed, is accessed again.
Therefore, to prevent this with minimal modification, you must remove
kthread_stop() and change the code to wait until the self-exit operation
is completed.
Scoring
| CVSS | 4.7 () |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
| EPSS | 0.09% probability of exploitation · percentile 0.7% · 2026-06-19T12:03:05Z |
| Last modified | 2026-06-11 |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.