CVE-2026-23444

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-23444
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23444.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23444
Downstream
Published
2026-04-03T15:15:28.464Z
Modified
2026-04-14T03:47:41.822131Z
Summary
wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: always free skb on ieee80211txprepare_skb() failure

ieee80211txprepareskb() has three error paths, but only two of them free the skb. The first error path (ieee80211txprepare() returning TXDROP) does not free it, while invoketxhandlers() failure and the fragmentation check both do.

Add kfreeskb() to the first error path so all three are consistent, and remove the now-redundant frees in callers (ath9k, mt76, mac80211hwsim) to avoid double-free.

Document the skb ownership guarantee in the function's kdoc.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23444.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
06be6b149f7e406bcf16098567f5a6c9f042bced
Fixed
06e769dddcbeb3baf2ce346273b53dd61fdbecf4
Fixed
50f1b690b4868923fbd242298def2fb88662f108
Fixed
d5ad6ab61cbd89afdb60881f6274f74328af3ee9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23444.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.13.0
Fixed
6.18.20
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.10

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23444.json"