{
  "affected": [
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:14",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.18.14-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "In the Linux kernel, the following vulnerability has been resolved:  wifi: ath12k: clear stale link mapping of ahvif-\u003elinks_map  When an arvif is initialized in non-AP STA mode but MLO connection preparation fails before the arvif is created (arvif-\u003eis_created remains false), the error path attempts to delete all links. However, link deletion only executes when arvif-\u003eis_created is true. As a result, ahvif retains a stale entry of arvif that is initialized but not created.  When a new arvif is initialized with the same link id, this stale mapping triggers the following WARN_ON.  WARNING: drivers/net/wireless/ath/ath12k/mac.c:4271 at ath12k_mac_op_change_vif_links+0x140/0x180 [ath12k], CPU#3: wpa_supplicant/275  Call trace:  ath12k_mac_op_change_vif_links+0x140/0x180 [ath12k] (P)  drv_change_vif_links+0xbc/0x1a4 [mac80211]  ieee80211_vif_update_links+0x54c/0x6a0 [mac80211]  ieee80211_vif_set_links+0x40/0x70 [mac80211]  ieee80211_prep_connection+0x84/0x450 [mac80211]  ieee80211_mgd_auth+0x200/0x480 [mac80211]  ieee80211_auth+0x14/0x20 [mac80211]  cfg80211_mlme_auth+0x90/0xf0 [cfg80211]  nl80211_authenticate+0x32c/0x380 [cfg80211]  genl_family_rcv_msg_doit+0xc8/0x134  Fix this issue by unassigning the link vif and clearing ahvif-\u003elinks_map if arvif is only initialized but not created.  Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.5-01651-QCAHKSWPL_SILICONZ-1",
  "id": "DEBIAN-CVE-2026-46248",
  "modified": "2026-06-15T18:48:44.848766085Z",
  "published": "2026-06-03T18:16:25.097Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security-tracker.debian.org/tracker/CVE-2026-46248"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "upstream": [
    "CVE-2026-46248"
  ]
}