CVE-2026-23315
Received Received - Intake
Out-of-Bounds Access in Linux mt76 WiFi Driver Fixed

Publication date: 2026-03-25

Last updated on: 2026-04-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt76_connac2_mac_write_txwi_80211 in order to avoid a possible oob access. [fix check to also cover mgmt->u.action.u.addba_req.capab, correct Fixes tag]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-23
Generated
2026-05-07
AI Q&A
2026-03-25
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23315
EUVD
EUVD-2026-15261
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.10
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.10.1 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's wifi driver mt76, specifically in the function mt76_connac2_mac_write_txwi_80211. It involves a possible out-of-bounds (oob) access due to insufficient checking of the frame length before accessing management fields.

The fix involves adding a check on the frame length to ensure safe access to the management fields, preventing potential out-of-bounds memory access.


How can this vulnerability impact me? :

A possible out-of-bounds access vulnerability can lead to memory corruption, which might cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the mt76 driver, specifically addressing the out-of-bounds access in mt76_connac2_mac_write_txwi_80211.

This fix involves checking the frame length before accessing management fields to avoid possible out-of-bounds access.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart