{"api_version":"1","generated_at":"2026-06-04T11:22:41+00:00","cve":"CVE-2026-46187","urls":{"html":"https://cve.report/CVE-2026-46187","api":"https://cve.report/api/cve/CVE-2026-46187.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-46187","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-46187"},"summary":{"title":"wifi: rsi: fix kthread lifetime race between self-exit and external-stop","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: fix kthread lifetime race between self-exit and external-stop\n\nRSI driver use both self-exit(kthread_complete_and_exit) and external-stop\n(kthread_stop) when killing a kthread. Generally, kthread_stop() is called\nfirst, and in this case, no particular issues occur.\n\nHowever, in rare instances where kthread_complete_and_exit() is called\nfirst and then kthread_stop() is called, a UAF occurs because the kthread\nobject, which has already exited and been freed, is accessed again.\n\nTherefore, to prevent this with minimal modification, you must remove\nkthread_stop() and change the code to wait until the self-exit operation\nis completed.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-28 10:16:34","updated_at":"2026-06-01 17:17:31"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/4f9a4ae8d2c198f01611ea376034c326ef43ab56","name":"https://git.kernel.org/stable/c/4f9a4ae8d2c198f01611ea376034c326ef43ab56","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/db57a1aa54ff68669781976e4edb045e09e2b65b","name":"https://git.kernel.org/stable/c/db57a1aa54ff68669781976e4edb045e09e2b65b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4ac3095da22fc50e51ec10c3b8323c21ab3e441a","name":"https://git.kernel.org/stable/c/4ac3095da22fc50e51ec10c3b8323c21ab3e441a","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4f4c9b13c485abd0a2d2c97f9db339d1dd8e147f","name":"https://git.kernel.org/stable/c/4f4c9b13c485abd0a2d2c97f9db339d1dd8e147f","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/95fcb436586dc3c2983537d557ac05bbc6a027f3","name":"https://git.kernel.org/stable/c/95fcb436586dc3c2983537d557ac05bbc6a027f3","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/4f697813162d5f9151726a6d2bee82bffe4b0256","name":"https://git.kernel.org/stable/c/4f697813162d5f9151726a6d2bee82bffe4b0256","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/16d9f674c619838bdeae42abc0929c9c5477ea1f","name":"https://git.kernel.org/stable/c/16d9f674c619838bdeae42abc0929c9c5477ea1f","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/9dfe8a4458a063c6433526bc59112a169eee1aa3","name":"https://git.kernel.org/stable/c/9dfe8a4458a063c6433526bc59112a169eee1aa3","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46187","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46187","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4c62764d0fc21a34ffc44eec1210038c3a2e4473 4ac3095da22fc50e51ec10c3b8323c21ab3e441a git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4c62764d0fc21a34ffc44eec1210038c3a2e4473 9dfe8a4458a063c6433526bc59112a169eee1aa3 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4c62764d0fc21a34ffc44eec1210038c3a2e4473 4f697813162d5f9151726a6d2bee82bffe4b0256 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4c62764d0fc21a34ffc44eec1210038c3a2e4473 95fcb436586dc3c2983537d557ac05bbc6a027f3 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4c62764d0fc21a34ffc44eec1210038c3a2e4473 16d9f674c619838bdeae42abc0929c9c5477ea1f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4c62764d0fc21a34ffc44eec1210038c3a2e4473 4f9a4ae8d2c198f01611ea376034c326ef43ab56 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4c62764d0fc21a34ffc44eec1210038c3a2e4473 4f4c9b13c485abd0a2d2c97f9db339d1dd8e147f git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4c62764d0fc21a34ffc44eec1210038c3a2e4473 db57a1aa54ff68669781976e4edb045e09e2b65b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected d8f70ad66032363e3edceee81a7be2aaccb2d7f5 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ec759c0015fb7d4f5c7cb5711d2c8905724c7983 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected c8ed05b1d8520f40395916438da9b38ce937a896 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected ad78e2e057ab8d914a2b5e3e6acf29c3c8a428a3 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected de1fd69b6541ff61177114d63af7ea719c426cf0 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3.18.139 3.19 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.4.179 4.5 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.9.170 4.10 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.14.113 4.15 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.19.36 4.20 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 4.20","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 4.20 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.258 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.209 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.175 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.140 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.88 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.30 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0.7 7.0.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.1-rc3 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"46187","cve":"CVE-2026-46187","epss":"0.000320000","percentile":"0.097210000","score_date":"2026-06-03","updated_at":"2026-06-04 00:06:35"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/net/wireless/rsi/rsi_common.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"4ac3095da22fc50e51ec10c3b8323c21ab3e441a","status":"affected","version":"4c62764d0fc21a34ffc44eec1210038c3a2e4473","versionType":"git"},{"lessThan":"9dfe8a4458a063c6433526bc59112a169eee1aa3","status":"affected","version":"4c62764d0fc21a34ffc44eec1210038c3a2e4473","versionType":"git"},{"lessThan":"4f697813162d5f9151726a6d2bee82bffe4b0256","status":"affected","version":"4c62764d0fc21a34ffc44eec1210038c3a2e4473","versionType":"git"},{"lessThan":"95fcb436586dc3c2983537d557ac05bbc6a027f3","status":"affected","version":"4c62764d0fc21a34ffc44eec1210038c3a2e4473","versionType":"git"},{"lessThan":"16d9f674c619838bdeae42abc0929c9c5477ea1f","status":"affected","version":"4c62764d0fc21a34ffc44eec1210038c3a2e4473","versionType":"git"},{"lessThan":"4f9a4ae8d2c198f01611ea376034c326ef43ab56","status":"affected","version":"4c62764d0fc21a34ffc44eec1210038c3a2e4473","versionType":"git"},{"lessThan":"4f4c9b13c485abd0a2d2c97f9db339d1dd8e147f","status":"affected","version":"4c62764d0fc21a34ffc44eec1210038c3a2e4473","versionType":"git"},{"lessThan":"db57a1aa54ff68669781976e4edb045e09e2b65b","status":"affected","version":"4c62764d0fc21a34ffc44eec1210038c3a2e4473","versionType":"git"},{"status":"affected","version":"d8f70ad66032363e3edceee81a7be2aaccb2d7f5","versionType":"git"},{"status":"affected","version":"ec759c0015fb7d4f5c7cb5711d2c8905724c7983","versionType":"git"},{"status":"affected","version":"c8ed05b1d8520f40395916438da9b38ce937a896","versionType":"git"},{"status":"affected","version":"ad78e2e057ab8d914a2b5e3e6acf29c3c8a428a3","versionType":"git"},{"status":"affected","version":"de1fd69b6541ff61177114d63af7ea719c426cf0","versionType":"git"},{"lessThan":"3.19","status":"affected","version":"3.18.139","versionType":"semver"},{"lessThan":"4.5","status":"affected","version":"4.4.179","versionType":"semver"},{"lessThan":"4.10","status":"affected","version":"4.9.170","versionType":"semver"},{"lessThan":"4.15","status":"affected","version":"4.14.113","versionType":"semver"},{"lessThan":"4.20","status":"affected","version":"4.19.36","versionType":"semver"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/net/wireless/rsi/rsi_common.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"4.20"},{"lessThan":"4.20","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.258","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.209","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.175","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.140","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.88","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.30","versionType":"semver"},{"lessThanOrEqual":"7.0.*","status":"unaffected","version":"7.0.7","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.1-rc3","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.258","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.209","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.175","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.140","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.88","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.30","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.7","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.1-rc3","versionStartIncluding":"4.20","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.139","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.179","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.9.170","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.113","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.36","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: fix kthread lifetime race between self-exit and external-stop\n\nRSI driver use both self-exit(kthread_complete_and_exit) and external-stop\n(kthread_stop) when killing a kthread. Generally, kthread_stop() is called\nfirst, and in this case, no particular issues occur.\n\nHowever, in rare instances where kthread_complete_and_exit() is called\nfirst and then kthread_stop() is called, a UAF occurs because the kthread\nobject, which has already exited and been freed, is accessed again.\n\nTherefore, to prevent this with minimal modification, you must remove\nkthread_stop() and change the code to wait until the self-exit operation\nis completed."}],"providerMetadata":{"dateUpdated":"2026-06-01T16:19:48.479Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/4ac3095da22fc50e51ec10c3b8323c21ab3e441a"},{"url":"https://git.kernel.org/stable/c/9dfe8a4458a063c6433526bc59112a169eee1aa3"},{"url":"https://git.kernel.org/stable/c/4f697813162d5f9151726a6d2bee82bffe4b0256"},{"url":"https://git.kernel.org/stable/c/95fcb436586dc3c2983537d557ac05bbc6a027f3"},{"url":"https://git.kernel.org/stable/c/16d9f674c619838bdeae42abc0929c9c5477ea1f"},{"url":"https://git.kernel.org/stable/c/4f9a4ae8d2c198f01611ea376034c326ef43ab56"},{"url":"https://git.kernel.org/stable/c/4f4c9b13c485abd0a2d2c97f9db339d1dd8e147f"},{"url":"https://git.kernel.org/stable/c/db57a1aa54ff68669781976e4edb045e09e2b65b"}],"title":"wifi: rsi: fix kthread lifetime race between self-exit and external-stop","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-46187","datePublished":"2026-05-28T09:36:41.427Z","dateReserved":"2026-05-13T15:03:33.104Z","dateUpdated":"2026-06-01T16:19:48.479Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-28 10:16:34","lastModifiedDate":"2026-06-01 17:17:31","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"46187","Ordinal":"1","Title":"wifi: rsi: fix kthread lifetime race between self-exit and exter","CVE":"CVE-2026-46187","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"46187","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: fix kthread lifetime race between self-exit and external-stop\n\nRSI driver use both self-exit(kthread_complete_and_exit) and external-stop\n(kthread_stop) when killing a kthread. Generally, kthread_stop() is called\nfirst, and in this case, no particular issues occur.\n\nHowever, in rare instances where kthread_complete_and_exit() is called\nfirst and then kthread_stop() is called, a UAF occurs because the kthread\nobject, which has already exited and been freed, is accessed again.\n\nTherefore, to prevent this with minimal modification, you must remove\nkthread_stop() and change the code to wait until the self-exit operation\nis completed.","Type":"Description","Title":"wifi: rsi: fix kthread lifetime race between self-exit and exter"}]}}}