AI description
CVE-2026-33552 is a vulnerability in the Linux kernel's `wlcore` Wi-Fi driver. When `pskb_expand_head()` fails to allocate sufficient headroom, the failure is reported as `-EAGAIN` instead of `-ENOMEM`. `wlcore_tx_work_locked()` treats `-EAGAIN` as meaning the aggregation buffer is full, so it flushes the buffer, re-queues the packet, and immediately retries the same packet in a tight loop. Because this retry happens while a mutex is held, it can result in an infinite loop and a CPU soft lockup. The problem was discovered by an experimental code review agent based on gemini-3.1-pro during a review of backports into v6.18.y.
- Description
- Northern.tech Mender Enterprise Server before 4.1.1 has Incorrect Access Control.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 3.1
- Type
- Secondary
- Base score
- 3.7
- Impact score
- 1.4
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-269
- Hype score
- Not currently trending