PatchSiren

CVE-2026-46187 Linux CVE debrief

A use-after-free (UAF) vulnerability exists in the Linux kernel's RSI (Redpine Signals) Wi-Fi driver, caused by a race condition in kthread lifetime management. The driver uses both self-exit (kthread_complete_and_exit()) and external-stop (kthread_stop()) mechanisms when terminating kernel threads. kthread_stop() is typically called first, which causes no problem. In the rare case where kthread_complete_and_exit() executes before kthread_stop(), the latter accesses an already-freed kthread object. The fix removes kthread_stop() and replaces it with a wait for the self-exit completion, eliminating the race condition.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

  • Organizations running Linux systems with Redpine Signals (RSI) Wi-Fi chipsets
  • Embedded/IoT device manufacturers using RSI wireless modules
  • Linux distribution maintainers responsible for kernel security updates
  • Security teams tracking kernel driver vulnerabilities affecting wireless networking stacks

Technical summary

The RSI (Redpine Signals) Wi-Fi driver in the Linux kernel contains a use-after-free vulnerability stemming from improper synchronization between two kthread termination paths. The driver historically allowed both self-exit via kthread_complete_and_exit() and external termination via kthread_stop(). When the self-exit path wins the race and completes first, the kthread object is freed; a subsequent kthread_stop() then dereferences the freed memory. The resolution removes the external kthread_stop() call entirely, instead waiting for the self-exit completion through proper synchronization primitives. This minimal change eliminates the race window without restructuring the driver's thread management logic.

Defensive priority

high

Recommended defensive actions

  • Apply kernel updates containing the referenced stable tree commits when available from your Linux distribution
  • Monitor vendor security advisories for RSI driver fixes in enterprise Linux distributions
  • If running custom kernels with RSI driver, cherry-pick the referenced commits from kernel.org stable trees
  • Review systems using Redpine Signals (RSI) Wi-Fi chipsets for exposure to this driver
  • Consider disabling RSI driver if not required until patches are applied
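
An exposure check for the last two actions, added here as an example and not taken from the advisory or from any vendor tooling. It assumes the driver is built as the modules rsi_91x, rsi_usb and rsi_sdio (names not stated on this page); the lsmod sample is constructed.

```shell
#!/bin/sh
# Added example, not vendor tooling. Assumption: the driver is built as the
# modules rsi_91x (core) plus rsi_usb / rsi_sdio (bus glue); confirm the names
# against your own kernel build before relying on the result.
RSI_MODULES="rsi_91x rsi_usb rsi_sdio"

# Constructed sample of `lsmod` output, used for the stand-alone run below.
SAMPLE_LSMOD='Module                  Size  Used by
rsi_usb                28672  0
rsi_91x               135168  1 rsi_usb
mac80211             1200128  1 rsi_91x
cfg80211              970752  2 rsi_91x,mac80211'

# Print loaded RSI modules from lsmod or /proc/modules text on stdin.
# Only the first field is compared, so dependents such as mac80211 that merely
# list rsi_91x in their "Used by" column are not reported.
rsi_loaded() {
    awk -v want="$RSI_MODULES" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) rsi[w[i]] = 1 }
        $1 in rsi { print $1 }'
}

# Print the path of each RSI module file found under a modules directory
# ($1, e.g. /lib/modules/<release>); matches .ko, .ko.xz, .ko.zst and similar.
rsi_installed() {
    for m in $RSI_MODULES; do
        find "$1" -type f -name "$m.ko*" 2>/dev/null | head -n 1
    done
}

# Classify exposure: LOADED <names>, INSTALLED (on disk, not loaded) or ABSENT.
rsi_exposure() {  # stdin = module list text, $1 = modules directory
    loaded=$(rsi_loaded | tr '\n' ' ')
    if [ -n "$loaded" ]; then echo "LOADED ${loaded% }"
    elif [ -n "$(rsi_installed "$1")" ]; then echo "INSTALLED"
    else echo "ABSENT"; fi
}

# Emit a modprobe.d fragment: "blacklist" stops alias-based autoloading and
# the "install ... /bin/false" line makes an explicit modprobe fail as well.
rsi_blocklist() {
    for m in $RSI_MODULES; do
        printf 'blacklist %s\ninstall %s /bin/false\n' "$m" "$m"
    done
}

printf '%s\n' "$SAMPLE_LSMOD" | rsi_exposure /nonexistent
```

On a live host, feed it real data with `rsi_exposure "/lib/modules/$(uname -r)" < /proc/modules`. A driver compiled into the kernel image appears in neither source, so an ABSENT result on a custom kernel still needs a check of the kernel configuration.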

Evidence notes

CVE description confirms UAF in RSI Wi-Fi driver kthread handling. Five kernel.org stable tree commits provided as references indicate backports to multiple stable branches. No CVSS score assigned; NVD status 'Awaiting Analysis'.
