CVE-2026-46271 Overview
CVE-2026-46271 is a Linux kernel vulnerability in the ath12k Wi-Fi driver. The flaw affects the Qualcomm WCN7850 wireless chipset when handling Wake-on-WLAN (WoW) offloads on multi-link connections. The driver enabled WoW offloads on both the primary and secondary links, causing the WCN7850 firmware to crash. The patch restricts WoW offloads to the primary link only. The issue was identified and tested on WCN7850 hw2.0 PCI WLAN.HMT.1.1.c5-00284-QCAHMTSWPL_V1.0_V2.0_SILICONZ-1 firmware.
Critical Impact
A firmware crash on the WCN7850 wireless chipset disrupts Wi-Fi connectivity and can result in denial of service for affected Linux systems using multi-link operation.
Affected Products
- Linux kernel ath12k Wi-Fi driver
- Qualcomm WCN7850 wireless chipset (hw2.0 PCI)
- Systems using multi-link Wi-Fi connections with WoW enabled
Discovery Timeline
- 2026-06-03 - CVE-2026-46271 published to NVD
- 2026-06-03 - Last updated in NVD database
Technical Details for CVE-2026-46271
Vulnerability Analysis
The vulnerability resides in the ath12k driver, which supports Qualcomm Wi-Fi 7 chipsets including the WCN7850. Wi-Fi 7 introduces Multi-Link Operation (MLO), allowing a station to maintain simultaneous links across different radios or bands. When a system entered a low-power state with Wake-on-WLAN configured, the driver pushed WoW offload configuration to firmware for every active link.
The WCN7850 firmware does not support WoW offload configuration on secondary links. Receiving offload commands on both primary and secondary links triggered a firmware crash. The crash terminates wireless connectivity and may require a device reset to restore operation.
The fix limits WoW offload programming to the primary link only, aligning driver behavior with firmware expectations. The remediation is tracked across three upstream kernel commits referenced in the kernel.org stable tree.
Root Cause
The root cause is improper handling of multi-link configurations in the ath12k WoW code path. The driver iterated over all active links and issued offload commands per link, without restricting the operation to the primary link as required by firmware contract.
Attack Vector
The condition is triggered locally when a system with an active multi-link Wi-Fi connection enters suspend or another power state where WoW offloads are programmed. No authenticated remote exploitation path has been documented. The practical impact is a kernel/firmware-level denial of service affecting wireless connectivity.
No proof-of-concept code or exploitation code is available for this issue. See the upstream commits at kernel.org for the technical fix details.
Detection Methods for CVE-2026-46271
Indicators of Compromise
- Kernel log entries showing ath12k firmware crash or assertion messages following suspend/resume cycles on systems with WCN7850 hardware
- Wi-Fi interface failures or repeated firmware reload events recorded in dmesg after enabling Wake-on-WLAN on a multi-link connection
- Loss of wireless connectivity correlated with system power state transitions
Detection Strategies
- Inventory Linux endpoints running kernels with the unpatched ath12k driver and identify hosts with WCN7850 chipsets using lspci and modinfo ath12k
- Monitor kernel ring buffer and journalctl output for ath12k error signatures and firmware crash dumps
- Correlate Wi-Fi disconnect events with suspend/resume activity to surface affected hosts at scale
Monitoring Recommendations
- Forward kernel logs from Linux endpoints to a centralized logging pipeline and alert on ath12k firmware assertion or crash strings
- Track kernel package versions across the fleet to identify hosts still running vulnerable ath12k builds
- Validate that WoW configuration on multi-link Wi-Fi clients does not produce firmware faults during scheduled suspend tests
How to Mitigate CVE-2026-46271
Immediate Actions Required
- Apply the upstream kernel patches referenced in the stable tree commits 7379837c3f9e, e042da1085d9, and e62102ac9b77
- Update to a Linux distribution kernel that includes the ath12k WoW primary-link fix
- On unpatched systems, disable Wake-on-WLAN on WCN7850 interfaces until the kernel is updated
Patch Information
The fix has been merged into the Linux kernel stable tree. Reference the upstream commits: 7379837c3f9efa576dc2d716ebfaa3a113b3112f, e042da1085d9f1686c58a4378d5840f52a36598e, and e62102ac9b773bdb08475aa9ca24dea61ae98708. Rebuild and deploy the kernel from a distribution that incorporates these commits.
Workarounds
- Disable Wake-on-WLAN on the affected interface using iw phy <phy> wowlan disable or the equivalent NetworkManager setting
- Disable Multi-Link Operation on the WCN7850 client until patched kernels are deployed
- Avoid suspend-to-RAM on affected hosts with active multi-link Wi-Fi sessions until remediation is applied
# Configuration example
# Disable Wake-on-WLAN on the affected ath12k interface
sudo iw phy phy0 wowlan disable
# Verify WoW state
sudo iw phy phy0 wowlan show
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
