{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23373", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.003Z", "datePublished": "2026-03-25T10:27:54.155Z", "dateUpdated": "2026-03-25T10:27:54.155Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:54.155Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config\n\nThis triggers a WARN_ON in ieee80211_hw_conf_init and isn't the expected\nbehavior from the driver - other drivers default to 0 too."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/rsi/rsi_91x_mac80211.c"], "versions": [{"version": "0a44dfc070749514b804ccac0b1fd38718f7daa1", "lessThan": "b64fbd718cf42feb75502bf25d0d16eb671aea45", "status": "affected", "versionType": "git"}, {"version": "0a44dfc070749514b804ccac0b1fd38718f7daa1", "lessThan": "95ed07644b2c6119f706484b87b7f43e6133f3b5", "status": "affected", "versionType": "git"}, {"version": "0a44dfc070749514b804ccac0b1fd38718f7daa1", "lessThan": "67d10e8db57ffc21f8177e9e884bbc743fdc0bae", "status": "affected", "versionType": "git"}, {"version": "0a44dfc070749514b804ccac0b1fd38718f7daa1", "lessThan": "d973b1039ccde6b241b438d53297edce4de45b5c", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/rsi/rsi_91x_mac80211.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b64fbd718cf42feb75502bf25d0d16eb671aea45"}, {"url": "https://git.kernel.org/stable/c/95ed07644b2c6119f706484b87b7f43e6133f3b5"}, {"url": "https://git.kernel.org/stable/c/67d10e8db57ffc21f8177e9e884bbc743fdc0bae"}, {"url": "https://git.kernel.org/stable/c/d973b1039ccde6b241b438d53297edce4de45b5c"}], "title": "wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config\n\nThis triggers a WARN_ON in ieee80211_hw_conf_init and isn't the expected\nbehavior from the driver - other drivers default to 0 too."}], "id": "CVE-2026-23373", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:36.940", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/67d10e8db57ffc21f8177e9e884bbc743fdc0bae"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/95ed07644b2c6119f706484b87b7f43e6133f3b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b64fbd718cf42feb75502bf25d0d16eb671aea45"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d973b1039ccde6b241b438d53297edce4de45b5c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config", "id": "2451244", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451244"}, "csaw": false, "cwe": "CWE-909", "details": ["A flaw was found in the Linux kernel's wifi: rsi module. The `rsi_mac80211_config` function's failure to default to a zero value can trigger a `WARN_ON` in the `ieee80211_hw_conf_init` function. This unexpected driver behavior may lead to system instability or other unforeseen operational issues."], "name": "CVE-2026-23373", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23373\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23373\nhttps://lore.kernel.org/linux-cve-announce/2026032541-CVE-2026-23373-0203@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0a44dfc070749514b804ccac0b1fd38718f7daa1,b64fbd718cf42feb75502bf25d0d16eb671aea45)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0a44dfc070749514b804ccac0b1fd38718f7daa1,95ed07644b2c6119f706484b87b7f43e6133f3b5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0a44dfc070749514b804ccac0b1fd38718f7daa1,67d10e8db57ffc21f8177e9e884bbc743fdc0bae)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[0a44dfc070749514b804ccac0b1fd38718f7daa1,d973b1039ccde6b241b438d53297edce4de45b5c)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.9"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.9)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-26T04:47:10.781155+00:00", "value": {"mitigation_remediation": ["Apply a Linux kernel update that contains the rsi driver fix", "If an update is not immediately possible, modify the rsi_mac80211_config function to return 0 instead of \u2013EOPNOTSUPP", "Verify that the WARN_ON no longer occurs and that Wi\u2011Fi interfaces initialize correctly"], "summary": {"action": "Patch Now", "impact": "Denial of Service - Wi\u2011Fi functionality"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds that incorporate the rsi Wi\u2011Fi driver are potentially impacted. The vulnerability entry does not specify affected kernel versions, so any kernel containing the referenced code may be at risk.", "description_and_impact": "This vulnerability occurs in the rsi Wi\u2011Fi driver for the Linux kernel. The driver incorrectly returns the error code \u2013EOPNOTSUPP during configuration, causing the ieee80211_hw_conf_init routine to trigger a WARN_ON. The warning indicates that the driver is not initialized as expected. Based on the description, it is inferred that this misbehavior can prevent the Wi\u2011Fi interface from bringing up properly, which would deny wireless connectivity to users.", "risk_and_exploitability": "The EPSS score is below 1%, and the vulnerability is not listed in the CISA KEV catalog, indicating a low probability of exploitation. The issue manifests during driver initialization, which would typically be performed at system boot or when enabling a wireless interface; the description does not disclose a remote attack vector, so the risk is limited to local or privileged users. The likely attack path would involve leveraging the warning during hardware configuration, but no active exploitation method is known from the supplied data."}}}}, "created": "2026-03-25T21:31:42.740716+00:00", "updated": "2026-03-26T12:15:45.846458+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}