CVE-2026-53258

In the Linux kernel, the following vulnerability has been resolved:

wifi: fix leak if split 6 GHz scanning fails

rdev->int scan req is leaked if cfg80211 scan() fails. Note that it's supposed to be released at cfg80211 scan done() but this doesn't happen as rdev->scan req is NULL at that point, too, leading to the early return from the freeing function.

unreferenced object 0xffff8881161d0800 (size 512): comm "wpa supplicant", pid 379, jiffies 4294749765 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff ................ backtrace (crc c867fdb6): kmemleak alloc+0x89/0x90 kmalloc noprof+0x2fd/0x410 cfg80211 scan+0x133/0x730 nl80211 trigger scan+0xc69/0x1cc0 genl family rcv msg doit+0x204/0x2f0 genl rcv msg+0x431/0x6b0 netlink rcv skb+0x143/0x3f0 genl rcv+0x27/0x40 netlink unicast+0x4f6/0x820 netlink sendmsg+0x797/0xce0 sock sendmsg+0xc4/0x160 sys sendmsg+0x5e4/0x890 sys sendmsg+0xf8/0x180 sys sendmsg+0x136/0x1e0 x64 sys sendmsg+0x76/0xc0 x64 sys call+0x13f0/0x17d0

Found by Linux Verification Center (linuxtesting.org).