CVE-2026-53258

Source
https://cve.org/CVERecord?id=CVE-2026-53258
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53258.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-53258
Published
2026-06-25T08:39:47.917Z
Modified
2026-06-27T12:02:24.991936231Z
Summary
wifi: fix leak if split 6 GHz scanning fails
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: fix leak if split 6 GHz scanning fails

rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's supposed to be released at __cfg80211_scan_done() but this doesn't happen as rdev->scan_req is NULL at that point, too, leading to the early return from the freeing function.

unreferenced object 0xffff8881161d0800 (size 512):
  comm "wpa_supplicant", pid 379, jiffies 4294749765
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff  ................
  backtrace (crc c867fdb6):
    kmemleak_alloc+0x89/0x90
    __kmalloc_noprof+0x2fd/0x410
    cfg80211_scan+0x133/0x730
    nl80211_trigger_scan+0xc69/0x1cc0
    genl_family_rcv_msg_doit+0x204/0x2f0
    genl_rcv_msg+0x431/0x6b0
    netlink_rcv_skb+0x143/0x3f0
    genl_rcv+0x27/0x40
    netlink_unicast+0x4f6/0x820
    netlink_sendmsg+0x797/0xce0
    __sock_sendmsg+0xc4/0x160
    ____sys_sendmsg+0x5e4/0x890
    ___sys_sendmsg+0xf8/0x180
    __sys_sendmsg+0x136/0x1e0
    __x64_sys_sendmsg+0x76/0xc0
    x64_sys_call+0x13f0/0x17d0

Found by Linux Verification Center (linuxtesting.org).

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53258.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
c8cb5b854b40f2ce52ccd032fa19750f4181d5fc
Fixed
fb8db813eba2e56ee001c9fb5c2ce2cb78c42642
Fixed
a24134ddc18b4d440714365637d440b7121447b9
Fixed
e8694f7cc29287e843648d1075177b9a2000d957

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53258.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.10.0
Fixed
6.18.36

Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-53258.json"