HIGH
wifi WoW MLO Crash
CVE-2026-46271
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KernelScan AI6.1MEDIUM
01Description
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and secondary links. Change to do it only on primary link to fix it. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00284-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1
02KernelScan AI Analysis
Risk summary
Systems with WCN7850 WiFi hardware using multi-link operation (MLO) experience WiFi firmware crashes during power management operations. A local unprivileged user can trigger this by suspending the system or allowing automatic WoW configuration while connected to an MLO-capable access point, causing complete WiFi unavailability until the system is rebooted or the WiFi module is reloaded.
Vulnerability analysis
The vulnerability occurs when Wake-on-WLAN (WoW) offloads are enabled on both primary and secondary links in multi-link WiFi connections. The WCN7850 firmware cannot handle concurrent WoW operations across multiple links and crashes. The fix restricts WoW offload configuration to only the primary link by adding deflink checks in five WoW-related functions. This is a local vulnerability triggered automatically during normal power management operations on affected hardware with MLO enabled, and does not require special privileges.
03Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 6.18 | 6.18.14 | 7379837c3f9e |
| 6.19 | 6.19.4 | e042da1085d9 |
| mainline | 7.0 | e62102ac9b77 |