PT-2026-34900 · Linux · Linux Kernel
Published 2026-04-24 · Updated 2026-04-29 · CVE-2026-31548
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
An issue exists in the cfg80211 component of the wifi subsystem. When an nl80211 socket originating a PMSR request is closed, the cfg80211_release_pmsr() function sets the nl_portid variable to zero and schedules pmsr_free_wk to process the abort asynchronously. If the interface is torn down before this work executes, cfg80211_pmsr_wdev_down() calls cfg80211_pmsr_process_abort() directly, but the pending pmsr_free_wk work item may still run after the interface is removed. This can lead to the driver's abort_pmsr() callback operating on a torn-down interface, resulting in undefined behavior and potential crashes.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Linux Kernel