CVE-2026-23336

Published: March 25, 2026 · Updated: Mar 25, 2026

EPSS: 0.02% probability of exploitation in 30 days · Percentile: 6.5th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()

There is a use-after-free error in cfg80211_shutdown_all_interfaces found by syzkaller:

BUG: KASAN: use-after-free in cfg80211_shutdown_all_interfaces+0x213/0x220
Read of size 8 at addr ffff888112a78d98 by task kworker/0:5/5326
CPU: 0 UID: 0 PID: 5326 Comm: kworker/0:5 Not tainted 6.19.0-rc2 #2 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: events cfg80211_rfkill_block_work
Call Trace:
<TASK>
dump_stack_lvl+0x116/0x1f0
print_report+0xcd/0x630
kasan_report+0xe0/0x110
cfg80211_shutdown_all_interfaces+0x213/0x220
cfg80211_rfkill_block_work+0x1e/0x30
process_one_work+0x9cf/0x1b70
worker_thread+0x6c8/0xf10
kthread+0x3c5/0x780
ret_from_fork+0x56d/0x700
ret_from_fork_asm+0x1a/0x30
</TASK>

The problem arises because the rfkill_block work is not cancelled when wiphy is being unregistered. In order to fix the issue, cancel the corresponding work in wiphy_unregister().

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

NVD Source
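
Added example, not part of the advisory or the kernel patch: a Python triage helper that parses KASAN reports out of a kernel log and flags those with the shape of the report quoted above. The function names, the log-prefix handling and the timestamped sample are assumptions made for illustration.

```python
import re

# Signature taken from the report quoted in the advisory above.
SIG_FUNC = "cfg80211_shutdown_all_interfaces"
SIG_WORK = "cfg80211_rfkill_block_work"
# Strip an optional journal "kernel: " prefix, syslog level and dmesg timestamp.
PREFIX = re.compile(r"^(?:.*?kernel: )?(?:<\d+>)?\s*(?:\[\s*\d+\.\d+\]\s*)?")
BUG = re.compile(r"BUG: KASAN: (\S+) in ([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
TASK = re.compile(r"(?:Read|Write) of size \d+ at addr [0-9a-f]+ by task (\S+)")
WORKQ = re.compile(r"Workqueue: \S+ (\S+)")
FRAME = re.compile(r"\??\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kasan_reports(log_text):
    """Return one dict per KASAN report found in a kernel log."""
    reports, cur, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw, count=1).strip()
        if (m := BUG.match(line)):
            cur = {"bug": m[1], "func": m[2], "task": None, "work": None, "frames": []}
            reports.append(cur)
            in_trace = False
        elif cur is None:
            continue  # ignore everything before the first report header
        elif (m := TASK.match(line)):
            cur["task"] = m[1]
        elif (m := WORKQ.match(line)):
            cur["work"] = m[1]
        elif line in ("<TASK>", "</TASK>"):
            in_trace = line == "<TASK>"  # only collect frames of the faulting stack
        elif in_trace and (m := FRAME.match(line)):
            cur["frames"].append(m[1])
    return reports

def matches_rfkill_uaf(report):
    """True for a (slab-)use-after-free in SIG_FUNC reached from the rfkill block work."""
    return (report["bug"].endswith("use-after-free") and report["func"] == SIG_FUNC
            and (report["work"] == SIG_WORK or SIG_WORK in report["frames"]))

# Constructed input: part of the advisory's report with dmesg-style timestamps added.
SAMPLE = """\
[   71.100] BUG: KASAN: use-after-free in cfg80211_shutdown_all_interfaces+0x213/0x220
[   71.101] Read of size 8 at addr ffff888112a78d98 by task kworker/0:5/5326
[   71.102] Workqueue: events cfg80211_rfkill_block_work
[   71.103] Call Trace:
[   71.104]  <TASK>
[   71.105]  cfg80211_shutdown_all_interfaces+0x213/0x220
[   71.106]  cfg80211_rfkill_block_work+0x1e/0x30
[   71.107]  </TASK>
"""
```

A match only means something on kernels built with KASAN, which production kernels normally are not; on those, the patch level of the running kernel is the reliable check.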

Technical Analysis

CVE-2026-23336 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2026-23336
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: Mar 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23336 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.