Linux Kernel, Deadlock, CVE-2026-23130 (medium)

Listen to this Post

A deadlock vulnerability exists in the Linux kernel’s ath12k WiFi driver due to improper locking during the flushing of management frames. The issue arose when a management frame transmission work item was converted to a wiphy work, which requires the wiphy lock to run. In a specific race condition, the `ath12k_mac_op_flush()` function is called to flush pending frames for the hardware. This flush process takes the wiphy lock and then waits for the transmission of queued management frames to complete. However, the work item responsible for actually transmitting those frames cannot run because the wiphy lock it needs is already held by the waiting flush process. This creates a classic deadlock. From a user’s perspective, this manifests as the system repeatedly attempting and failing to authenticate or associate with a WiFi network, eventually aborting the connection and logging an error about failing to flush the management transmit queue. The fix involves moving the existing `wiphy_work_flush()` call to ensure it is also executed in the scenario where the virtual interface (vif) is NULL, proactively running the queued work item and breaking the deadlock.
Platform: Linux Kernel
Version: 6.14 to 6.19
Vulnerability : Improper Locking
Severity: Medium
date: 2026-02-14

Prediction: Already patched

What Undercode Say:

Analytics:

The vulnerability is a local denial-of-service issue with a CVSS v3 base score of 5.5 (Medium). It requires low privileges to exploit and impacts system availability by causing a deadlock, which can hang WiFi operations. No public exploit is currently available. The issue is present in kernel versions 6.14 up to the fix, which was backported to 6.18.8 and 6.19. Major enterprise distributions like SUSE and Ubuntu have marked most of their supported kernels as not affected, suggesting the vulnerable code path is specific to newer or development kernels .

How Exploit:

A local user on a system with an affected kernel and the ath12k driver in use can trigger the deadlock. The exact method involves initiating a WiFi connection (which queues a management frame) and simultaneously initiating a hardware flush operation that calls `ath12k_mac_op_flush()` with a NULL vif argument. This race condition can potentially be triggered by unplugging a device or through specific network manager operations.

Protection from this CVE:

Protection is achieved by updating the Linux kernel to a version containing the fix. The patched versions are 6.18.8 and 6.19 and later. Users of long-term support (LTS) distributions should wait for their specific vendor to backport the fix to their supported kernel versions . System administrators can mitigate the issue by avoiding the use of ath12k WiFi hardware on vulnerable kernels, though this is not a practical long-term solution. The fix commits are:
– `06ac2aa13f70`
– `f88e9fc30a26`

Bash and Code:

Check current kernel version:

uname -r

If the version is between 6.14 and 6.18.7, or 6.19-rc, the system may be vulnerable.
To check if the fix is present in the kernel source:

git log --oneline -n 5 drivers/net/wireless/ath/ath12k/mac.c | grep -E "06ac2aa13f70|f88e9fc30a26"

Impact:

Successful exploitation leads to a denial of service condition where the WiFi interface becomes unresponsive, failing to complete authentication or association processes. This prevents the system from connecting to wireless networks until a reboot or manual intervention to break the deadlock. The impact is localized to the system’s network availability and does not compromise data confidentiality or integrity .

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top