HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-46271Published Modified CNA Linux

CVE-2026-46271: wifi: ath12k: do WoW offloads only on primary link

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and secondary links. Change to do it only on primary link to fix it. Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00284-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1

Metrics

CVSS v3.1
7.8
Severity
HIGH
Fixed in
0
Affected Products
2

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

This is a firmware crash vulnerability in the Linux kernel's ath12k Wi-Fi driver, affecting the WCN7850 chipset during Wake-on-Wireless (WoW) offload handling in multi-link connections. An attacker with a local shell and low-privilege access can trigger the flaw without any network exposure or victim interaction. Successful exploitation crashes the affected wireless firmware, disrupting wireless connectivity. Patched-image rebuilds at versions 6.18.14, 6.19.4, and 7.0 are available on HarborGuard for environments running an affected kernel version.

HarborGuard Coverage

Detection

Detection of CVE-2026-46271 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of publication using ingestion from upstream Linux kernel feeds. Coverage extends to custom-built images that include affected ath12k kernel versions, not just images pulled from public registries.

Available
Triage

HarborGuard is capable of scoring this CVE at 7.8 HIGH using its CVSS v3.1 vector and weighting that score against each environment's compliance policy to determine urgency. Triage routing to the appropriate team inbox inside each customer organization is available based on workload ownership and policy configuration.

Available
Patch

A patched-image rebuild targeting the fix versions (6.18.14, 6.19.4, or 7.0) becomes available in HarborGuard once the upstream fix is confirmed for a given image's kernel lineage. For customers who opt into auto-remediation, HarborGuard can execute the rebuild, run a regression test suite, and open a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityNot required

    The attacker needs an existing shell or process on the host; no network path to the target is required.

  • AuthenticationRequired

    Any low-privilege local account is sufficient to trigger the vulnerability; no elevated or administrator credentials are needed.

  • Victim interactionNot required

    Exploitation requires no action from another user or process; the attacker acts entirely on their own.

  • Attack complexityDetail

    The exploit is reliable and condition-free, with no race conditions or environmental dependencies required to trigger the firmware crash.

Blast Radius

  • Crashes the WCN7850 wireless firmware, taking down the affected wireless interface and severing any active Wi-Fi connections on the host.
  • Reads of sensitive kernel memory associated with the wireless subsystem may be possible given the high confidentiality impact rating in the CVSS score.
  • Modifies kernel or firmware state associated with the ath12k driver, potentially corrupting Wi-Fi link configuration data.
  • Causes a denial-of-service condition for all processes on the host that depend on wireless connectivity through the affected interface.

How HarborGuard Handles This

Available on HarborGuard: detection runs against customer images within minutes of CVE publication, covering both public and internally built images that bundle an affected Linux kernel. For environments where compliance policy permits auto-remediation, HarborGuard can rebuild the image at a fixed kernel version (6.18.14, 6.19.4, or 7.0 depending on the release branch in use), run regression tests, and open a pull request against affected workloads. Median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Where auto-remediation is not enabled, HarborGuard flags the finding for manual review and routes it to the team inbox configured for kernel-level vulnerabilities in each organization.

See how HarborGuard automates this

Fix available

06.18.146.19.47.07379837c3f9efa576dc2d716ebfaa3a113b3112fe042da1085d9f1686c58a4378d5840f52a36598ee62102ac9b773bdb08475aa9ca24dea61ae98708
Affected packages
  • Linux / Linux
    < 7379837c3f9efa576dc2d716ebfaa3a113b3112f (from 32f7b19668bd2894f1a236580c2132fc4b9f4449) · < e042da1085d9f1686c58a4378d5840f52a36598e (from 32f7b19668bd2894f1a236580c2132fc4b9f4449) · < e62102ac9b773bdb08475aa9ca24dea61ae98708 (from 32f7b19668bd2894f1a236580c2132fc4b9f4449)
  • Linux / Linux
    6.16
    Fixed in 0, 6.18.14, 6.19.4, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References