CVE-2026-23325
Out-of-Bounds Access in Linux mt7996 WiFi Driver Fixed
Publication date: 2026-03-25
Last updated on: 2026-04-23
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.2 |
| linux | linux_kernel | From 6.19 (inc) to 6.19.7 (exc) |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | 7.0 |
| linux | linux_kernel | From 6.13 (inc) to 6.18.17 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.77 (exc) |
| linux | linux_kernel | From 6.2.1 (inc) to 6.6.130 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's wifi driver for the mt76 chipset, specifically the mt7996 model. It involves a possible out-of-bounds (oob) memory access in the function mt7996_mac_write_txwi_80211. The issue arises because the code did not properly check the frame length before accessing management fields, which could lead to accessing memory outside the intended bounds.
How can this vulnerability impact me? :
A possible out-of-bounds memory access can lead to undefined behavior such as crashes, data corruption, or potentially allow an attacker to execute arbitrary code or cause denial of service. The exact impact depends on how the vulnerability is exploited, but it generally poses a risk to system stability and security.