{"id":"CVE-2026-23185","summary":"wifi: iwlwifi: mld: cancel mlo_scan_start_wk","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mld: cancel mlo_scan_start_wk\n\nmlo_scan_start_wk is not canceled on disconnection. In fact, it is not\ncanceled anywhere except in the restart cleanup, where we don't really\nhave to.\n\nThis can cause an init-after-queue issue: if, for example, the work was\nqueued and then drv_change_interface got executed.\n\nThis can also cause use-after-free: if the work is executed after the\nvif is freed.","modified":"2026-04-02T13:12:11.872622Z","published":"2026-02-14T16:27:14.815Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23185.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/5ff641011ab7fb63ea101251087745d9826e8ef5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9b9f52f052f4953fecd2190ae2dde3aa76d10962"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23185.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23185"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9748ad82a9d92b036ff3115207e36e2b9932e354"},{"fixed":"9b9f52f052f4953fecd2190ae2dde3aa76d10962"},{"fixed":"5ff641011ab7fb63ea101251087745d9826e8ef5"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23185.json"}}],"schema_version":"1.7.5"}