{
  "affected": [
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:11",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:12",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:13",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:14",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7.0.13-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "In the Linux kernel, the following vulnerability has been resolved:  wifi: fix leak if split 6 GHz scanning fails  rdev-\u003eint_scan_req is leaked if cfg80211_scan() fails.  Note that it's supposed to be released at ___cfg80211_scan_done() but this doesn't happen as rdev-\u003escan_req is NULL at that point, too, leading to the early return from the freeing function.  unreferenced object 0xffff8881161d0800 (size 512):   comm \"wpa_supplicant\", pid 379, jiffies 4294749765   hex dump (first 32 bytes):     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................     00 00 00 00 00 00 00 00 f0 81 13 16 81 88 ff ff  ................   backtrace (crc c867fdb6):     kmemleak_alloc+0x89/0x90     __kmalloc_noprof+0x2fd/0x410     cfg80211_scan+0x133/0x730     nl80211_trigger_scan+0xc69/0x1cc0     genl_family_rcv_msg_doit+0x204/0x2f0     genl_rcv_msg+0x431/0x6b0     netlink_rcv_skb+0x143/0x3f0     genl_rcv+0x27/0x40     netlink_unicast+0x4f6/0x820     netlink_sendmsg+0x797/0xce0     __sock_sendmsg+0xc4/0x160     ____sys_sendmsg+0x5e4/0x890     ___sys_sendmsg+0xf8/0x180     __sys_sendmsg+0x136/0x1e0     __x64_sys_sendmsg+0x76/0xc0     x64_sys_call+0x13f0/0x17d0  Found by Linux Verification Center (linuxtesting.org).",
  "id": "DEBIAN-CVE-2026-53258",
  "modified": "2026-07-09T08:48:12.124613393Z",
  "published": "2026-06-25T09:16:43.800Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security-tracker.debian.org/tracker/CVE-2026-53258"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "upstream": [
    "CVE-2026-53258"
  ]
}