{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23373", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.003Z", "datePublished": "2026-03-25T10:27:54.155Z", "dateUpdated": "2026-05-11T22:05:37.258Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:05:37.258Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config\n\nThis triggers a WARN_ON in ieee80211_hw_conf_init and isn't the expected\nbehavior from the driver - other drivers default to 0 too."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/rsi/rsi_91x_mac80211.c"], "versions": [{"version": "0a44dfc070749514b804ccac0b1fd38718f7daa1", "lessThan": "b64fbd718cf42feb75502bf25d0d16eb671aea45", "status": "affected", "versionType": "git"}, {"version": "0a44dfc070749514b804ccac0b1fd38718f7daa1", "lessThan": "95ed07644b2c6119f706484b87b7f43e6133f3b5", "status": "affected", "versionType": "git"}, {"version": "0a44dfc070749514b804ccac0b1fd38718f7daa1", "lessThan": "67d10e8db57ffc21f8177e9e884bbc743fdc0bae", "status": "affected", "versionType": "git"}, {"version": "0a44dfc070749514b804ccac0b1fd38718f7daa1", "lessThan": "d973b1039ccde6b241b438d53297edce4de45b5c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/rsi/rsi_91x_mac80211.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b64fbd718cf42feb75502bf25d0d16eb671aea45"}, {"url": "https://git.kernel.org/stable/c/95ed07644b2c6119f706484b87b7f43e6133f3b5"}, {"url": "https://git.kernel.org/stable/c/67d10e8db57ffc21f8177e9e884bbc743fdc0bae"}, {"url": "https://git.kernel.org/stable/c/d973b1039ccde6b241b438d53297edce4de45b5c"}], "title": "wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BF58074-7CF5-43A3-A4ED-82674E37A312", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.9.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:-:*:*:*:*:*:*", "matchCriteriaId": "3F2A4A3D-068A-4CF2-A09F-9C7937DDB0A5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config\n\nThis triggers a WARN_ON in ieee80211_hw_conf_init and isn't the expected\nbehavior from the driver - other drivers default to 0 too."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nwifi: rsi: No usar -EOPNOTSUPP por defecto en rsi_mac80211_config\n\nEsto activa un WARN_ON en ieee80211_hw_conf_init y no es el comportamiento esperado del controlador - otros controladores tambi\u00e9n usan 0 por defecto."}], "id": "CVE-2026-23373", "lastModified": "2026-04-24T16:35:27.657", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:36.940", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/67d10e8db57ffc21f8177e9e884bbc743fdc0bae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/95ed07644b2c6119f706484b87b7f43e6133f3b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b64fbd718cf42feb75502bf25d0d16eb671aea45"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d973b1039ccde6b241b438d53297edce4de45b5c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config", "id": "2451244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451244"}, "csaw": false, "cwe": "CWE-909", "details": ["A flaw was found in the Linux kernel's wifi: rsi module. The `rsi_mac80211_config` function's failure to default to a zero value can trigger a `WARN_ON` in the `ieee80211_hw_conf_init` function. This unexpected driver behavior may lead to system instability or other unforeseen operational issues."], "name": "CVE-2026-23373", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23373\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23373\nhttps://lore.kernel.org/linux-cve-announce/2026032541-CVE-2026-23373-0203@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0a44dfc070749514b804ccac0b1fd38718f7daa1,b64fbd718cf42feb75502bf25d0d16eb671aea45)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0a44dfc070749514b804ccac0b1fd38718f7daa1,95ed07644b2c6119f706484b87b7f43e6133f3b5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0a44dfc070749514b804ccac0b1fd38718f7daa1,67d10e8db57ffc21f8177e9e884bbc743fdc0bae)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0a44dfc070749514b804ccac0b1fd38718f7daa1,d973b1039ccde6b241b438d53297edce4de45b5c)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.9"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.9)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T21:59:54.994843+00:00", "value": {"mitigation_remediation": ["Reboot the system after upgrading the kernel to the latest stable release that incorporates the rsi driver fix; the patch is committed to the stable tree.", "If an immediate kernel upgrade is impractical, temporarily disable the rsi driver using modprobe -r rsi or blacklist it in /etc/modprobe.d/ to prevent the driver from loading until a fix is available.", "Continuously monitor kernel logs for repeated WARN_ON entries referencing rsi_mac80211_config to detect remaining mis\u2011initialization after the patch."], "summary": {"action": "Update Kernel", "impact": "Driver Instability / Potential Denial of Service"}, "threat_synthesis": {"affected_systems": "The issue affects Linux systems that include the rsi wireless driver code in the kernel. The known affected kernel versions are 6.9 and the 7.0 release candidates 7.0\u2011rc1 through 7.0\u2011rc7, as reflected in the encompassed CPE entries. Any system using these kernel releases without the patch is potentially affected. The vulnerability is vendor\u2011neutral, affecting the Linux kernel image only.", "description_and_impact": "The Linux kernel wireless driver for Realtek (rsi) contains a bug where the rsi_mac80211_config function returns a default error code of \u2013EOPNOTSUPP instead of 0. This unexpected return value triggers a WARN_ON in ieee80211_hw_conf_init and deviates from the behavior of other drivers, which default to success. The flaw represents a CWE\u2011909 Improper Handling of Driver Configurations and may lead to the rsi driver failing to initialize correctly, potentially causing intermittent Wi\u2011Fi service disruptions. Although the warning itself does not provide an attack vector, mis\u2011initialization could degrade the stability of the wireless interface.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, while the EPSS score of <1% suggests a low probability of exploitation and the vulnerability is not listed in CISA's KEV catalog. The nature of the bug is a misconfiguration at driver initialization; there is no documented exploit or escalation path. The likely attack surface is local: an attacker with the ability to interact with the driver (e.g., via device power cycling or parameter changes) could attempt to replay the invalid configuration. Without such capability the risk remains low, so the vulnerability is best treated as a potential driver stability issue rather than a direct security threat."}}}}, "created": "2026-03-25T21:31:42.740716+00:00", "updated": "2026-04-28T22:00:14.199019+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}