{"id":"CVE-2026-46069","summary":"wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup()\n\nThe mwifiex_adapter_cleanup() function uses timer_delete()\n(non-synchronous) for the wakeup_timer before the adapter structure is\nfreed. This is incorrect because timer_delete() does not wait for any\nrunning timer callback to complete.\n\nIf the wakeup_timer callback (wakeup_timer_fn) is executing when\nmwifiex_adapter_cleanup() is called, the callback will continue to\naccess adapter fields (adapter-\u003ehw_status, adapter-\u003eif_ops.card_reset,\netc.) which may be freed by mwifiex_free_adapter() called later in the\nmwifiex_remove_card() path.\n\nUse timer_delete_sync() instead to ensure any running timer callback has\ncompleted before returning.","modified":"2026-07-15T01:48:53.562537004Z","published":"2026-05-27T12:57:50.213Z","related":["SUSE-SU-2026:22521-1","SUSE-SU-2026:22522-1","SUSE-SU-2026:2799-1","SUSE-SU-2026:2800-1","SUSE-SU-2026:2914-1","openSUSE-SU-2026:10954-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46069.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/030abbae49cf9fd1fba7aa08e15ec81efbeb78cf"},{"type":"WEB","url":"https://git.kernel.org/stable/c/11869ce402d95519d49b25a2a97741f68d69d103"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1958a92599b2653d730ccb6f5685fc3fbed21812"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4e179a60a60c0a5aea245e8e67768343c0f070b8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/63fe3389b3e092d6c0eeea9fc0318e7918b16618"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a88f5391dc68f78cae5eb6a8cd341cafee795d3d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ae5e95d4157481693be2317e3ffcd84e36010cbb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c3508895450cca4aeaf5dbadbb5e582363005264"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46069.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46069"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4636187da60b6e33526050235c610409d9cc00e8"},{"fixed":"c3508895450cca4aeaf5dbadbb5e582363005264"},{"fixed":"1958a92599b2653d730ccb6f5685fc3fbed21812"},{"fixed":"a88f5391dc68f78cae5eb6a8cd341cafee795d3d"},{"fixed":"11869ce402d95519d49b25a2a97741f68d69d103"},{"fixed":"63fe3389b3e092d6c0eeea9fc0318e7918b16618"},{"fixed":"4e179a60a60c0a5aea245e8e67768343c0f070b8"},{"fixed":"030abbae49cf9fd1fba7aa08e15ec81efbeb78cf"},{"fixed":"ae5e95d4157481693be2317e3ffcd84e36010cbb"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46069.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.0.0"},{"fixed":"5.10.259"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.210"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.176"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.140"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.27"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"7.0.4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46069.json"}}],"schema_version":"1.7.5"}