
CVE-2026-53258

Published: June 25, 2026 · Updated: Jun 30, 2026

EPSS: 0.16% probability of exploitation in 30 days · Percentile: 5.7th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: fix leak if split 6 GHz scanning fails

rdev->int_scan_req is leaked if cfg80211_scan() fails. Note that it's supposed to be released at ___cfg80211_scan_done() but this doesn't happen as rdev->scan_req is NULL at that point, too, leading to the early return from the freeing function.

    unreferenced object 0xffff8881161d0800 (size 512):
      comm "wpa_supplicant", pid 379, jiffies 4294749765
      hex dump (first 32 bytes):
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
        00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff ................
      backtrace (crc c867fdb6):
        kmemleak_alloc+0x89/0x90
        __kmalloc_noprof+0x2fd/0x410
        cfg80211_scan+0x133/0x730
        nl80211_trigger_scan+0xc69/0x1cc0
        genl_family_rcv_msg_doit+0x204/0x2f0
        genl_rcv_msg+0x431/0x6b0
        netlink_rcv_skb+0x143/0x3f0
        genl_rcv+0x27/0x40
        netlink_unicast+0x4f6/0x820
        netlink_sendmsg+0x797/0xce0
        __sock_sendmsg+0xc4/0x160
        ____sys_sendmsg+0x5e4/0x890
        ___sys_sendmsg+0xf8/0x180
        __sys_sendmsg+0x136/0x1e0
        __x64_sys_sendmsg+0x76/0xc0
        x64_sys_call+0x13f0/0x17d0

Found by Linux Verification Center (linuxtesting.org).

NVD Source

Technical Analysis

CVE-2026-53258 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
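
The leak path from the official description, modeled in userspace C as an added example; it is not the kernel's code and not the upstream patch. The struct and function names, the caller's error path that clears scan_req, and the free_on_error remedy are assumptions made for the model.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model of the two-pointer ownership pattern; not kernel code. */
struct scan_req { int n_channels; };
struct rdev_model {
    struct scan_req *scan_req;     /* user-visible request */
    struct scan_req *int_scan_req; /* internal request for the split scan */
};
static int live_allocs; /* outstanding allocations, what kmemleak would flag */

static struct scan_req *req_alloc(void) {
    struct scan_req *r = calloc(1, sizeof(*r));
    if (r) live_allocs++;
    return r;
}
static void req_free(struct scan_req *r) { if (r) { free(r); live_allocs--; } }

/* Stands in for cfg80211_scan(): allocate int_scan_req, then start the scan. */
static int model_scan(struct rdev_model *rdev, int scan_fails, int free_on_error) {
    rdev->int_scan_req = req_alloc();
    if (rdev->int_scan_req && !scan_fails) return 0;
    if (free_on_error) {           /* assumed remedy: release before returning */
        req_free(rdev->int_scan_req);
        rdev->int_scan_req = NULL;
    }
    return -1;
}

/* Stands in for ___cfg80211_scan_done(): early return when scan_req is NULL. */
static void model_scan_done(struct rdev_model *rdev) {
    if (!rdev->scan_req) return;   /* int_scan_req is never reached */
    req_free(rdev->int_scan_req); rdev->int_scan_req = NULL;
    req_free(rdev->scan_req);     rdev->scan_req = NULL;
}

/* One trigger/done cycle; returns how many allocations are still live. */
int leaked_after_scan(int scan_fails, int free_on_error) {
    int before = live_allocs;
    struct rdev_model rdev = { req_alloc(), NULL };
    if (rdev.scan_req && model_scan(&rdev, scan_fails, free_on_error) != 0) {
        req_free(rdev.scan_req);   /* assumed caller error path */
        rdev.scan_req = NULL;      /* scan_req is NULL from here on */
    }
    model_scan_done(&rdev);
    return live_allocs - before;
}

int main(void) {
    printf("ok=%d fail=%d fail+free=%d\n", leaked_after_scan(0, 0), leaked_after_scan(1, 0), leaked_after_scan(1, 1));
    return 0;
}
```

Each failed cycle without the release leaves one object live, which corresponds to the single unreferenced object in the kmemleak report above.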

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2026-53258
Severity: NONE
CISA KEV: No
EPSS (30d): 0.16%
Published: Jun 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53258 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.