PatchSiren cyber security CVE debrief

CVE-2026-23444 Linux CVE debrief

A memory leak in the Linux kernel's mac80211 wireless subsystem could let a local attacker exhaust kernel memory. ieee80211_tx_prepare_skb() has three error paths, and one of them returned without freeing the sk_buff (socket buffer) it had been handed, so callers had no consistent ownership rule to rely on. The fix frees the skb on every error path and, now that the function always consumes the buffer, removes the frees that the callers ath9k, mt76 and mac80211_hwsim performed themselves, which would otherwise become double frees.

Vendor
Linux
Product
Unknown in the stored record (the advisory text identifies the Linux kernel, net/mac80211)
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-03
Original CVE updated
2026-06-01
Advisory published
2026-04-03
Advisory updated
2026-06-01

Who should care

Linux system administrators managing wireless-enabled endpoints; security teams tracking kernel memory exhaustion risks; organizations running IoT or embedded Linux devices with WiFi capabilities on affected kernel versions.

Technical summary

ieee80211_tx_prepare_skb() in net/mac80211/tx.c prepares an sk_buff for transmission on behalf of a driver. Of its three error paths, only two freed the buffer when dropping the frame; the first, taken when ieee80211_tx_prepare() returns TX_DROP, returned false without freeing it, so every frame dropped there leaked one sk_buff (CWE-401). The fix adds kfree_skb() to that path and documents that ieee80211_tx_prepare_skb() always consumes the skb, on success and on failure alike. With that contract in place, the frees that ath9k, mt76 and mac80211_hwsim performed after a failed call would become double frees, so they were removed in the same change. NVD's CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: local, low attack complexity, low privileges. The only impact the advisory describes is memory exhaustion (availability), so treat the confidentiality and integrity components of the score as the scorer's assessment rather than a described exploitation path.
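To make the ownership contract concrete, here is a userspace simulation (an added example, not kernel code and not the patch itself) of the three error paths and of a driver caller that either trusts the callee or frees the skb itself on failure. The sk_buff, kfree_skb() and the three failure points are constructed stand-ins that mirror the description above, not the real mac80211 control flow; drive() and the outcome counters are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for sk_buff: only a liveness flag is needed here. */
struct sk_buff {
    bool freed;
};

/* What the simulation observes after one transmit attempt. */
struct outcome {
    int leaked;         /* skbs still allocated when the caller is done */
    int double_freed;   /* frees of an skb that had already been freed */
};

static int live_skbs;
static int double_frees;

static struct sk_buff *alloc_skb(void)
{
    struct sk_buff *skb = calloc(1, sizeof(*skb));

    if (!skb)
        abort();
    live_skbs++;
    return skb;
}

/* Records a double free instead of corrupting the heap as the real one would. */
static void kfree_skb(struct sk_buff *skb)
{
    if (skb->freed) {
        double_frees++;
        return;
    }
    skb->freed = true;
    live_skbs--;
}

/* Which of the three error paths of ieee80211_tx_prepare_skb() is taken. */
enum fail_at { FAIL_NONE, FAIL_PREPARE, FAIL_HANDLERS, FAIL_FRAGMENTED };

/* Pre-fix shape: the TX_DROP path returns without freeing; the other two free. */
static bool tx_prepare_skb_before(struct sk_buff *skb, enum fail_at f)
{
    if (f == FAIL_PREPARE)
        return false;                   /* CWE-401: nobody owns skb any more */
    if (f == FAIL_HANDLERS || f == FAIL_FRAGMENTED) {
        kfree_skb(skb);
        return false;
    }
    return true;
}

/* Post-fix shape: every error path consumes the skb. */
static bool tx_prepare_skb_after(struct sk_buff *skb, enum fail_at f)
{
    if (f != FAIL_NONE) {
        kfree_skb(skb);
        return false;
    }
    return true;
}

/*
 * One driver transmit attempt. caller_frees models a driver that frees the
 * skb itself when preparation fails, i.e. the redundant free the fix removes.
 */
struct outcome drive(bool fixed_callee, bool caller_frees, enum fail_at f)
{
    struct outcome o;
    struct sk_buff *skb = alloc_skb();
    bool ok;

    live_skbs = 1;
    double_frees = 0;
    ok = fixed_callee ? tx_prepare_skb_after(skb, f)
                      : tx_prepare_skb_before(skb, f);
    if (ok)
        kfree_skb(skb);             /* transmitted: completion frees it */
    else if (caller_frees)
        kfree_skb(skb);
    o.leaked = live_skbs;
    o.double_freed = double_frees;
    free(skb);                      /* release the simulation object itself */
    return o;
}

int main(void)
{
    static const char *paths[] = { "success", "prepare TX_DROP", "handlers drop", "fragmented" };

    printf("%-6s %-6s %-16s leaked/double-freed\n", "callee", "driver", "path");
    for (int fixed = 0; fixed < 2; fixed++)
        for (int cf = 0; cf < 2; cf++)
            for (int f = FAIL_NONE; f <= FAIL_FRAGMENTED; f++) {
                struct outcome o = drive(fixed, cf, (enum fail_at)f);
                printf("%-6s %-6s %-16s %d/%d\n", fixed ? "fixed" : "old",
                       cf ? "frees" : "trusts", paths[f], o.leaked, o.double_freed);
            }
    return 0;
}
```

Reading the matrix: the old callee with a trusting driver leaks on the TX_DROP path; the old callee with a driver that frees on failure double frees on the other two paths; the fixed callee with a driver that still frees double frees on every failure. The fixed callee with a trusting driver is the only combination with zeros in every row, which is why the core change and the driver changes belong together.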

Defensive priority

HIGH

Recommended defensive actions

  • Apply the relevant stable kernel patch for your distribution or upgrade to a fixed kernel version (6.18.20 or later, 6.19.10 or later, or 7.0-rc8 or later).
  • For systems using long-term support kernels, monitor distribution security advisories for backported fixes.
  • If you carry the mac80211 change into a custom or backported kernel, carry the ath9k, mt76 and mac80211_hwsim changes with it: the core fix and the driver changes are two halves of one ownership contract. Applying only the core half turns the frees those callers still perform into double frees; applying only the driver half removes their frees while the core still leaks.
  • On wireless-enabled hosts that cannot be patched promptly, watch the skbuff_head_cache slab (/proc/slabinfo or slabtop) for growth that does not fall back after traffic subsides. Memory leaked on this path is never returned, so the signal is monotonic growth rather than a transient spike.
  • Ensure kernel live-patching services (where available) are configured to deploy mac80211 subsystem fixes without requiring full reboots.
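As an added example (not part of the advisory), a self-check that classifies the running kernel's release string against the fixed versions listed above. The branch thresholds come from this page; distribution kernels that backport the fix without bumping the upstream version cannot be detected this way, which is why anything between 3.13.1 and 6.17.x is reported as needing an advisory check rather than as fixed or vulnerable. The status names and the parse_kernel_release() helper are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/utsname.h>

/* Result of comparing a release string with the versions listed in this debrief. */
enum fix_status {
    STATUS_UNPARSED,        /* not a kernel release string */
    STATUS_NOT_LISTED,      /* outside every range the advisory names */
    STATUS_AFFECTED,        /* inside a range with a named fix that is not yet applied */
    STATUS_FIXED,           /* at or past the fixed version for its branch */
    STATUS_CHECK_BACKPORT   /* 3.13.1 .. 6.17.x: in range, backport status unknown */
};

struct kver {
    int major, minor, patch;
    int rc;                 /* 0 for a release, N for -rcN */
};

/* Parses "6.18.20", "6.19.10-arch1-1", "7.0-rc8", "5.14.0-503.el9"; ignores the suffix. */
bool parse_kernel_release(const char *s, struct kver *v)
{
    char *end;

    memset(v, 0, sizeof(*v));
    v->major = (int)strtol(s, &end, 10);
    if (end == s || *end != '.')
        return false;
    s = end + 1;
    v->minor = (int)strtol(s, &end, 10);
    if (end == s)
        return false;
    s = end;
    if (*s == '.') {
        s++;
        v->patch = (int)strtol(s, &end, 10);
        if (end == s)
            return false;
        s = end;
    }
    if (strncmp(s, "-rc", 3) == 0) {
        s += 3;
        v->rc = (int)strtol(s, &end, 10);
        if (end == s || v->rc <= 0)
            return false;
    }
    return true;
}

/* Thresholds from this page: fixed in 6.18.20, 6.19.10 and 7.0-rc8; affected from 3.13.1. */
enum fix_status classify(const struct kver *v)
{
    if (v->major > 7)
        return STATUS_FIXED;
    if (v->major == 7) {
        if (v->minor > 0 || v->patch > 0 || v->rc == 0 || v->rc >= 8)
            return STATUS_FIXED;        /* 7.0-rc8, 7.0 and later */
        return STATUS_AFFECTED;         /* 7.0-rc1 .. 7.0-rc7 */
    }
    if (v->major == 6 && v->minor == 19)
        return v->patch >= 10 ? STATUS_FIXED : STATUS_AFFECTED;
    if (v->major == 6 && v->minor == 18)
        return v->patch >= 20 ? STATUS_FIXED : STATUS_AFFECTED;
    if (v->major == 6 && v->minor > 19)
        return STATUS_NOT_LISTED;       /* no such branch is named on this page */
    if (v->major > 3 ||
        (v->major == 3 && (v->minor > 13 || (v->minor == 13 && v->patch >= 1))))
        return STATUS_CHECK_BACKPORT;   /* LTS/distro branches: read the vendor advisory */
    return STATUS_NOT_LISTED;
}

enum fix_status classify_release(const char *release)
{
    struct kver v;

    if (!parse_kernel_release(release, &v))
        return STATUS_UNPARSED;
    return classify(&v);
}

const char *status_name(enum fix_status s)
{
    static const char *names[] = {
        "unparseable release string",
        "not in any range listed for CVE-2026-23444",
        "AFFECTED: upgrade to the fixed version for this branch",
        "fixed",
        "in affected range; check the distribution advisory for a backport",
    };
    return names[s];
}

int main(void)
{
    struct utsname u;

    if (uname(&u) != 0) {
        perror("uname");
        return 1;
    }
    printf("%s: %s\n", u.release, status_name(classify_release(u.release)));
    return 0;
}
```

Run it on each wireless-enabled host; a STATUS_CHECK_BACKPORT result is the common case on enterprise distributions and means the version string alone cannot answer the question, so the distribution's advisory or package changelog is the authority there.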

Evidence notes

CVE published 2026-04-03; modified 2026-06-01. NVD assigns CVSS 3.1 score 7.8 (HIGH). CWE-401 (Missing Release of Memory after Effective Lifetime). Affects Linux kernel versions from 3.13.1 through 6.18.19, 6.19 through 6.19.9, and 7.0-rc1 through 7.0-rc7. Multiple stable branch patches available via kernel.org git.

Official resources

2026-04-03: reference entry (title and URL not preserved in stored evidence)