CVE-2026-46187
MediumCVSS 4.7Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to a race condition in thread management. The issue occurs when kthread_complete_and_exit() is called before kthread_stop(), leading to the use of a kthread object after it has been freed.
Risk Assessment
This vulnerability may lead to unpredictable system behavior, including potential memory leaks or application crashes that utilize this driver.
Recommendation
It is recommended to remove the kthread_stop() call and implement waiting for the self-exit operation to complete to prevent this vulnerability.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exit(kthread_complete_and_exit) and external-stop (kthread_stop) when killing a kthread. Generally, kthread_stop() is called first, and in this case, no particular issues occur. However, in rare instances where kthread_complete_and_exit() is called first and then kthread_stop() is called, a UAF occurs because the kthread object, which has already exited and been freed, is accessed again. Therefore, to prevent this with minimal modification, you must remove kthread_stop() and change the code to wait until the self-exit operation is completed.

