CVE-2026-53317
Received Received - Intake
Buffer Overflow in MediaTek MT76 WiFi Driver

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID over 20 causes a firmware crash. This situation occurred in our testing using an AP interface on 7922 hardware, with a modified hostapd, sourced from Mediatek's OpenWRT feeds. In stock hostapd, station AIDs begin counting at 1, and this configuration is prevented with an upper limit on associated stations. However, the modified hostapd began allocation at 65, which caused the firmware to crash. This fix does not allow these AIDs to work, but will prevent the firmware crash. This crash was only seen on IFTYPE_AP interfaces, and the fix does not appear to have an effect on IFTYPE_STATION behavior.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-27
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-53317
EUVD
EUVD-2026-39852
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mediatek hostapd *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's wifi driver for Mediatek mt7921 hardware. It occurs when a station is configured with an Association ID (AID) greater than 20, which causes the firmware to crash.

Normally, in stock hostapd, station AIDs start at 1 and are limited to prevent this issue. However, a modified version of hostapd from Mediatek's OpenWRT feeds began allocating AIDs starting at 65, triggering the crash.

The vulnerability specifically affects AP (Access Point) interfaces on 7922 hardware and does not impact station interfaces.

The fix places an upper limit on station AIDs to prevent the firmware crash, though it does not allow AIDs over 20 to function.

Impact Analysis

If you are using an AP interface on Mediatek 7922 hardware with a modified hostapd that assigns station AIDs over 20, this vulnerability can cause the wifi firmware to crash.

A firmware crash can lead to loss of wireless connectivity, potential denial of service for connected clients, and instability in the wireless network.

This issue does not affect station mode interfaces, so client devices acting as stations are not impacted.

Detection Guidance

This vulnerability involves a firmware crash caused by station AIDs over 20 on an AP interface using Mediatek 7922 hardware with a modified hostapd. Detection would involve monitoring for firmware crashes related to station associations with AIDs exceeding 20.

Since the issue occurs when station AIDs are allocated above 20, you can check the current station AIDs on your AP interface to identify any that exceed this limit.

Commands to inspect connected stations and their AIDs might include using hostapd_cli or iw commands to list associated stations and their AIDs. For example:

  • Use `hostapd_cli all_sta` to list all associated stations and check their AIDs.
  • Use `iw dev <interface> station dump` to get detailed information about connected stations.

Look specifically for any station with an AID value greater than 20, which indicates the presence of the vulnerability condition.

Mitigation Strategies

The immediate mitigation is to ensure that no station is assigned an AID over 20 on AP interfaces using Mediatek 7922 hardware with the modified hostapd.

This can be done by applying the fix that places an upper limit on station AIDs, preventing allocation of AIDs above 20 and thus avoiding firmware crashes.

If you are using a modified hostapd that starts AID allocation at 65, revert to the stock hostapd or update your hostapd to a version that includes this fix.

Additionally, monitor your AP interfaces for firmware stability and avoid configurations that allow station AIDs above 20.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53317. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart