CVE-2026-53102
Received Received - Intake
Memory Leak in Linux Kernel WiFi Driver

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req() mt76_connac_mcu_alloc_sta_req() allocates an skb which is expected to be freed eventually by mt76_mcu_skb_send_msg(). However, currently if an intermediate function fails before sending, the allocated skb is leaked. Specifically, mt76_connac_mcu_sta_wed_update() and mt76_connac_mcu_sta_key_tlv() may fail, leading to an immediate memory leak in the error path. Fix this by explicitly freeing the skb in these error paths. Commit 7c0f63fe37a5 ("wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error") made a similar change. Compile tested only. Issue found using a prototype static analysis tool and code review.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-53102
EUVD
EUVD-2026-38970
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux_kernel linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's wifi driver mt76. Specifically, a function called mt76_connac_mcu_alloc_sta_req() allocates memory (an skb) that should be freed later by another function, mt76_mcu_skb_send_msg(). However, if an intermediate function fails before the message is sent, the allocated memory is not freed, causing a memory leak.

The functions mt76_connac_mcu_sta_wed_update() and mt76_connac_mcu_sta_key_tlv() may fail and trigger this memory leak in their error handling paths. The fix involves explicitly freeing the allocated memory in these error paths to prevent the leak.

Impact Analysis

This vulnerability can lead to a memory leak in the Linux kernel's wifi driver. Over time, repeated memory leaks can consume system memory, potentially degrading system performance or causing instability. In severe cases, it could lead to denial of service if the system runs out of memory.

Mitigation Strategies

The vulnerability is a memory leak in the Linux kernel's mt76 wifi driver caused by failure to free allocated skb buffers in certain error paths.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix for this issue, which explicitly frees the skb in the error paths of mt76_connac_mcu_alloc_sta_req() related functions.

Since this is a kernel-level fix, applying the latest kernel patches or upgrading to a kernel version containing commit 7c0f63fe37a5 or later is the recommended immediate step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53102. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart