CVE-2026-31394: NULL Pointer Dereference in Linux

Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 3

Description

In the Linux kernel, the following vulnerability has been resolved:

mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations

ieee80211_chan_bw_change() iterates all stations and accesses link->reserved.oper via sta->sdata->link[link_id]. For stations on AP_VLAN interfaces (e.g. 4addr WDS clients), sta->sdata points to the VLAN sdata, whose link never participates in chanctx reservations. This leaves link->reserved.oper zero-initialized with chan == NULL, causing a NULL pointer dere

Affected Packages (2 packages)

Debian: linux/linux_kernel < 6.19.10-1
CVEListV5: linux/linux b27512368591fc959768df1f7dacf2a96b1bd036 65c25b588994dd422fea73fa322de56e1ae4a33b +4

🔴 Vulnerability Details (3)

GHSA: GHSA-96f2-8m7p-q7j4: In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations ieee80211_c (2026-04-03)
CVEList: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations (2026-04-03)
OSV: CVE-2026-31394: In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations ieee80211_cha (2026-04-03)

📋 Vendor Advisories (3)

Red Hat: kernel: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations (2026-04-03)
Microsoft: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations (2026-04-02)
Debian: CVE-2026-31394: linux - In the Linux kernel, the following vulnerability has been resolved: mac80211: f... 2026

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-31394 Impact, Exploitability, and Mitigation Steps | Wiz