PatchSiren cyber security CVE debrief
CVE-2026-46180 Linux CVE debrief
A use-after-free vulnerability exists in the Linux kernel's brcmfmac Wi-Fi driver, specifically in the watchdog task teardown path. The race condition occurs when the watchdog task terminates between send_sig() and kthread_stop() calls, potentially leading to memory corruption. The fix increases the watchdog task's reference count before signal delivery and uses kthread_stop_put() to properly release the reference, ensuring safe synchronization during driver shutdown.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-28
- Original CVE updated: 2026-05-28
- Advisory published: 2026-05-28
- Advisory updated: 2026-05-28
Who should care
Organizations running Linux systems with Broadcom FullMAC wireless chipsets, particularly those in high-availability or security-sensitive environments where kernel stability is paramount. Cloud and edge deployments using brcmfmac-dependent hardware should track this fix.
Technical summary
The brcmfmac driver manages a watchdog kernel thread for hardware monitoring. During driver shutdown, the sequence of send_sig() followed by kthread_stop() creates a window where the task may already have exited and freed its task_struct. The vulnerability is a classic TOCTOU (time-of-check to time-of-use) race in thread lifecycle management. The resolution employs reference counting: kthread_get() increments the reference before signal delivery, and kthread_stop_put() atomically stops the thread and decrements the reference, ensuring the task structure remains valid throughout the operation. Multiple stable tree commits indicate backports to various kernel release branches.
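To make the ordering problem concrete, here is a small userland C model of the teardown sequence the summary describes. It is an added illustration, not the brcmfmac driver's code and not the kernel fix: `struct wd_task`, `task_get()`/`task_put()`, `model_send_sig()`, `model_kthread_stop()`, `model_kthread_stop_put()` and the two `teardown_*` functions are all constructed stand-ins for kernel helpers (the page names the reference increment `kthread_get()`; the mainline helper that increments a task_struct's reference is `get_task_struct()`, with `kthread_stop_put()` doing the stop-and-release). Rather than dereferencing freed memory, the model records a "freed" flag so the would-be use-after-free is observable as a return code. The `race_hit` argument decides whether the watchdog thread exits inside the window between signal delivery and the stop call, which is what makes the bug intermittent on real hardware.

```c
/* Added example: userland model of the brcmfmac watchdog teardown race.
 * Not kernel code. Every name below is a constructed stand-in. */
#include <stdbool.h>
#include <stdlib.h>

/* Stand-in for task_struct: a reference count plus lifecycle flags. */
struct wd_task {
    int refcount;    /* kernel: task_struct usage count */
    bool signalled;  /* kernel: signal pending after send_sig() */
    bool exited;     /* thread body has returned */
    bool freed;      /* struct released; recorded instead of free()d */
};

static struct wd_task *task_create(void) {
    struct wd_task *t = calloc(1, sizeof *t);
    t->refcount = 1;             /* the running thread owns one reference */
    return t;
}

/* Reference increment, standing in for the kernel's get on the task struct. */
static void task_get(struct wd_task *t) { t->refcount++; }

/* Reference decrement; the last put releases the task struct. */
static void task_put(struct wd_task *t) {
    if (--t->refcount == 0)
        t->freed = true;         /* flagged, not free()d, so it stays observable */
}

/* Watchdog thread body collapsed to one step: once signalled it exits and
 * drops the reference it was created with. */
static void watchdog_run_until_exit(struct wd_task *t) {
    if (t->signalled && !t->exited) {
        t->exited = true;
        task_put(t);             /* kernel: thread exit eventually puts its task_struct */
    }
}

static void model_send_sig(struct wd_task *t) { t->signalled = true; }

/* kthread_stop() must read the task struct; if it is already released,
 * that is the use-after-free. Returns -1 in that case, 0 otherwise. */
static int model_kthread_stop(struct wd_task *t) {
    if (t->freed)
        return -1;
    t->signalled = true;         /* stop request also wakes the thread */
    watchdog_run_until_exit(t);
    return 0;
}

/* kthread_stop_put(): stop the thread, then drop the caller's reference. */
static int model_kthread_stop_put(struct wd_task *t) {
    int rc = model_kthread_stop(t);
    task_put(t);
    return rc;
}

/* Vulnerable ordering: send_sig(), then kthread_stop(), with no reference
 * held by the remover. Returns 0 when the race is not hit, -1 on UAF. */
int teardown_unsafe(bool race_hit) {
    struct wd_task *t = task_create();
    model_send_sig(t);
    if (race_hit)
        watchdog_run_until_exit(t);   /* thread exits inside the window */
    int rc = model_kthread_stop(t);
    free(t);
    return rc;
}

/* Fixed ordering: take a reference before send_sig(), release it with
 * kthread_stop_put(). Returns 0 when the stop ran on a live struct and the
 * struct was released only after the stop completed, -1 otherwise. */
int teardown_safe(bool race_hit) {
    struct wd_task *t = task_create();
    task_get(t);                      /* remover holds its own reference */
    model_send_sig(t);
    if (race_hit)
        watchdog_run_until_exit(t);   /* same window; struct survives */
    int rc = model_kthread_stop_put(t);
    bool released_after_stop = t->freed;
    free(t);
    return (rc == 0 && released_after_stop) ? 0 : -1;
}
```

The two `teardown_*` functions are identical except for the held reference and the combined stop-and-put, which is exactly the shape of the fix described above: the race window is not closed, but what lives inside it can no longer be released out from under `kthread_stop()`.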
Defensive priority
medium
Recommended defensive actions
- Apply kernel updates containing the referenced stable tree commits when available from your Linux distribution
- Monitor vendor security advisories for brcmfmac driver patches
- Review systems using Broadcom FullMAC wireless chipsets for exposure
- Prioritize patching on systems with untrusted local access or where Wi-Fi driver stability is critical
Evidence notes
Vulnerability description sourced from official CVE record and NVD entry. Fix commits identified in kernel.org stable tree. No CVSS score or severity assigned by NVD at time of disclosure (status: Awaiting Analysis). Vendor attribution marked low confidence due to 'Unknown Vendor' classification in source data; canonical vendor is Linux kernel maintainers based on patch source.
Official resources
- CVE-2026-46180 CVE record (CVE.org)
- CVE-2026-46180 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67