CVE-2026-53112

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq prepare bcn tasklet

The irq prepare bcn tasklet is initialized in rtl pci init() and scheduled when RTL IMR BCNINT interrupt is triggered by hardware. But it is never killed in rtl pci deinit(). When the rtlwifi card probe fails or is being detached, the ieee80211 hw is deallocated. However, irq prepare bcn tasklet may still be running or pending, leading to use-after-free when the freed ieee80211 hw is accessed in rtl pci prepare bcn tasklet().

Similar to irq tasklet, add tasklet kill() in rtl pci deinit() to ensure that irq prepare bcn tasklet is properly terminated before the ieee80211 hw is released.

The issue was identified through static analysis.