PatchSiren

CVE-2026-46125 Linux CVE debrief

A use-after-free/double-free vulnerability exists in the Linux kernel's mac80211 Wi-Fi subsystem when Multi-Link Operation (MLO) connection preparation fails. The issue occurs because the interface is reset to non-MLD state without properly removing the associated station, which is tied to the virtual interface link being removed. When debugfs is enabled, this leads to memory corruption as the virtual interface recreates its entire debugfs structure while stale station references persist. The vulnerability is triggered during failed MLO connection setup, where the station cleanup path was incomplete for the error handling case.

Vendor: Linux
Product: Unknown
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-30
Advisory published: 2026-05-28
Advisory updated: 2026-05-30

Who should care

Organizations running Linux systems with Wi-Fi 7 (802.11be) hardware and MLO enabled, particularly those with debugfs enabled in production kernel builds. Cloud providers and edge computing deployments using wireless connectivity should monitor for kernel updates.

Technical summary

The mac80211 subsystem in the Linux kernel fails to properly clean up station state when Multi-Link Operation (MLO) connection preparation fails. During MLO setup failure, the virtual interface is reset from MLD to non-MLD state, but the associated station—linked to the virtual interface's link—is not removed. This leaves a dangling station reference that causes use-after-free or double-free conditions when debugfs recreates its structures. The fix ensures station deletion occurs during the connection preparation failure path, matching the cleanup behavior for successfully created stations.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable tree commits when available from your Linux distribution
  • Monitor distribution security advisories for backported fixes to supported kernel versions
  • If running custom kernel builds with debugfs enabled, prioritize patching due to elevated corruption risk
  • Review systems using Wi-Fi 7 (802.11be) MLO capabilities as the vulnerable code path is specific to MLO connection handling
  • Consider disabling debugfs in production environments if not required for diagnostics to reduce attack surface
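
To triage hosts against the actions above, the following added example (not part of the CVE record or the kernel project) classifies a kernel build config by whether mac80211 and its debugfs support are built. It assumes CONFIG_MAC80211_DEBUGFS is the build option behind the debugfs condition described here, and it cannot tell whether a fix has been backported; that still requires the distribution advisory.

```shell
#!/bin/sh
# Added example: classify a kernel build config for patch prioritisation.
# Assumption: CONFIG_MAC80211_DEBUGFS is the option that builds mac80211's
# debugfs support. This reports what is built, not whether the fix is applied.

# Print the config text, decompressing gzip'd files such as /proc/config.gz.
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# Return 0 if option $2 is set to y or m in config file $1.
config_enabled() {
    read_config "$1" | grep -Eq "^$2=(y|m)\$"
}

# Print one of: unreadable | no-mac80211 | mac80211 | mac80211+debugfs
classify_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    if ! config_enabled "$cfg" CONFIG_MAC80211; then
        echo "no-mac80211"          # affected subsystem not built
    elif config_enabled "$cfg" CONFIG_DEBUG_FS &&
         config_enabled "$cfg" CONFIG_MAC80211_DEBUGFS; then
        echo "mac80211+debugfs"     # patch first: debugfs path is present
    else
        echo "mac80211"             # subsystem built, debugfs support absent
    fi
}

# Locate the running kernel's config, if the distribution ships one.
find_running_config() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

if cfg=$(find_running_config); then
    echo "$cfg: $(classify_config "$cfg")"
else
    echo "no kernel config found; call classify_config with a path" >&2
fi
```

A result of mac80211+debugfs only means the code is built; whether the MLO path is reachable still depends on the installed Wi-Fi hardware and driver.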

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Fix commits identified in kernel.org stable tree. No CVSS score or severity assigned by NVD at time of disclosure (status: Awaiting Analysis). Vendor attribution marked low confidence due to 'Unknown Vendor' classification in source data, though kernel.org references confirm Linux kernel as affected product.
