CVE-2026-23133

MEDIUM

Linux Kernel 4.16.0-6.18.7 - Use-After-Free in WiFi ath10k DMA Buffer Handling

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses.

References (7)

Core 7

Core References

Patch

https://git.kernel.org/stable/c/e2dda298ef809aa201ea7c0904c4d064f6c497cb

Patch

https://git.kernel.org/stable/c/fc8da65f9fe1bc6802f8240b342cfff4f5c7e841

Patch

https://git.kernel.org/stable/c/b0ad924332a96550a84b8c0ae5483e7042d65fa9

Patch

https://git.kernel.org/stable/c/1928851334ecfd6e0d663121ab69ac639d4217a6

Patch

https://git.kernel.org/stable/c/5d6fa4d2c9799c09389588da5118a72d97d87e92

Patch

https://git.kernel.org/stable/c/07f363f305793baecad41816f73056252f3df61e

Patch

https://git.kernel.org/stable/c/9282a1e171ad8d2205067e8ec3bbe4e3cef4f29f

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (24)

linux/Kernel 4.16.0 - 5.10.249linux

linux/Kernel 5.11.0 - 5.15.199linux

linux/Kernel 5.16.0 - 6.1.162linux

linux/Kernel 6.13.0 - 6.18.8linux

linux/Kernel 6.2.0 - 6.6.122linux

linux/Kernel 6.7.0 - 6.12.68linux

Linux/Linux < 4.16

Linux/Linux 2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 - 07f363f305793baecad41816f73056252f3df61e

Linux/Linux 2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 - 1928851334ecfd6e0d663121ab69ac639d4217a6

Linux/Linux 2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1 - 5d6fa4d2c9799c09389588da5118a72d97d87e92

... and 14 more

Published Feb 14, 2026

Tracked Since Feb 18, 2026