CVE-2026-23246 Common Vulnerabilities and Exposures

Upstream information

CVE-2026-23246 at MITRE

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration

link_id is taken from the ML Reconfiguration element (control & 0x000f),
so it can be 0..15. link_removal_timeout[] has IEEE80211_MLD_MAX_NUM_LINKS
(15) elements, so index 15 is out-of-bounds. Skip subelements with
link_id >= IEEE80211_MLD_MAX_NUM_LINKS to avoid a stack out-of-bounds
write.

SUSE information

Overall state of this security issue: Does not affect SUSE products

SUSE Bugzilla entry: 1259806 [NEW]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Wed Mar 18 12:00:34 2026
CVE page last modified: Fri May 8 12:04:50 2026