PatchSiren

CVE-2026-46152 Linux CVE debrief

A race condition vulnerability in the Linux kernel's mac80211 Wi-Fi subsystem could cause packet misrouting or state corruption under concurrent receive conditions. The ieee80211_invoke_fast_rx() function was documented as safe for parallel RX, but used a static variable for its rx_result, causing concurrent callers to share and overwrite each other's results. This could lead to packets being incorrectly processed—either falling through to ieee80211_rx_8023() when they were already queued/consumed, or returning as queued when they should continue processing. The fix converts the static variable to an automatic (stack) variable so each invocation maintains independent state.

Vendor: Linux
Product: Unknown
CVSS: HIGH 8.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-30
Advisory published: 2026-05-28
Advisory updated: 2026-05-30

Who should care

Linux system administrators running kernels with Wi-Fi mesh (802.11s) support; embedded/IoT device manufacturers using mac80211-based wireless stacks; security teams monitoring kernel networking subsystems for race condition vulnerabilities

Technical summary

The vulnerability exists in net/mac80211/rx.c in the ieee80211_invoke_fast_rx() function. A static enum rx_result res declaration caused all concurrent invocations to share the same storage location. Under parallel RX processing, one CPU could overwrite another's result between the ieee80211_rx_mesh_data() call and the subsequent switch statement on res. This could cause: (1) packets already queued or consumed by mesh processing to incorrectly fall through to ieee80211_rx_8023(), or (2) packets that should continue processing to return RX_QUEUED. The fix changes 'static enum rx_result res' to 'enum rx_result res', making it an automatic variable with per-invocation storage. The issue affects systems using 802.11s mesh networking where fast-RX optimizations are active.
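
The effect of the shared storage can be reproduced deterministically in user space. The following is an added example, not the kernel's code: a single-threaded model in which a nested call stands in for a second CPU running between the store to res and the switch. The names mesh_data, fast_rx_static, fast_rx_auto, enum path, struct pkt and the racer parameter are hypothetical, and the sample packets are constructed.

```c
/* Added example: single-threaded user-space model, NOT kernel code. */
#include <stdio.h>

enum rx_result { RX_CONTINUE, RX_QUEUED };   /* the two outcomes the page names */
enum path { PATH_8023, PATH_DONE };          /* hypothetical: where the packet ends up */
struct pkt { int mesh_consumes; };           /* constructed sample packet */

/* Stand-in for ieee80211_rx_mesh_data(): queued if mesh handling consumed it. */
static enum rx_result mesh_data(const struct pkt *p)
{
    return p->mesh_consumes ? RX_QUEUED : RX_CONTINUE;
}

/* Pre-fix shape. `racer` is the packet a second CPU handles inside the
 * window between the store to res and the switch (NULL = no concurrency). */
static enum path fast_rx_static(const struct pkt *p, const struct pkt *racer)
{
    static enum rx_result res;               /* one slot shared by every caller */
    res = mesh_data(p);
    if (racer)
        fast_rx_static(racer, NULL);         /* other CPU overwrites res here */
    switch (res) {
    case RX_QUEUED: return PATH_DONE;
    default:        return PATH_8023;        /* stand-in for ieee80211_rx_8023() */
    }
}

/* Fixed shape: identical logic, automatic storage, so each call owns its res. */
static enum path fast_rx_auto(const struct pkt *p, const struct pkt *racer)
{
    enum rx_result res;
    res = mesh_data(p);
    if (racer)
        fast_rx_auto(racer, NULL);
    switch (res) {
    case RX_QUEUED: return PATH_DONE;
    default:        return PATH_8023;
    }
}

int main(void)
{
    struct pkt consumed = { 1 }, plain = { 0 };
    printf("static: consumed pkt -> %s\n",
           fast_rx_static(&consumed, &plain) == PATH_8023 ? "8023 (wrong)" : "done");
    printf("auto:   consumed pkt -> %s\n",
           fast_rx_auto(&consumed, &plain) == PATH_8023 ? "8023 (wrong)" : "done");
    return 0;
}
```

With the static declaration, a packet already consumed by mesh processing is sent on to the 802.3 path, and the reverse interleaving reports a packet as queued when it should continue; the automatic variable gives the correct path in both orders.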

Defensive priority

high

Recommended defensive actions

  • Apply kernel updates from your Linux distribution that include the fixed mac80211 code
  • Verify running kernel version is at or beyond the patched commits for your stable branch
  • Monitor for mesh networking anomalies if running unpatched kernels with 802.11s mesh enabled
  • Review system logs for unexpected packet processing errors in wireless interfaces

Evidence notes

Vulnerability disclosed via Linux kernel stable tree commits on 2026-05-28. The issue was a coding defect (incorrect use of static storage class) in a function explicitly documented as thread-safe for parallel execution. Multiple stable kernel branches received backported fixes.
