CVE-2026-33552

Published May 27, 2026

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-33552 is a vulnerability in the Linux kernel's `wlcore` Wi-Fi driver. When `pskb_expand_head()` fails to allocate sufficient headroom, the driver returns `-EAGAIN` instead of `-ENOMEM`. `wlcore_tx_work_locked()` interprets `-EAGAIN` as the aggregation buffer being full, so it flushes the buffer, re-queues the packet, and immediately retries the same packet. Because this retry runs in a tight loop while a mutex is held, it can become an infinite loop and cause a CPU soft lockup. The problem was discovered by an experimental code review agent based on gemini-3.1-pro during a review of backports into v6.18.y.

Description
Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.
Source
cve@mitre.org
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.7
Impact score
1.4
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
LOW

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-269
