Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()

Check frame length before accessing the mgmt fields in
mt76_connac2_mac_write_txwi_80211 in order to avoid a possible oob
access.

[fix check to also cover mgmt->u.action.u.addba_req.capab,
correct Fixes tag]
Published: 2026-03-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Out‑of‑bounds memory access
Action: Apply patch
AI Analysis

Impact

A flaw in the Linux kernel's mt76 Wi‑Fi driver permits an out‑of‑bounds memory read through the function mt76_connac2_mac_write_txwi_80211() when the frame length is not validated. This can expose kernel memory contents or lead to further corruption, thereby compromising the confidentiality and integrity of the kernel.

Affected Systems

The vulnerability is present in all Linux kernel releases that include the vulnerable mt76 driver code. Vendor information points to the Linux kernel itself, though no specific kernel version is listed in the advisory.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while an EPSS below 1% signals a low probability of exploitation. The flaw requires kernel execution, implying a local‑privilege or kernel‑level attack; remote exploitation is unlikely. The vulnerability is not in the CISA KEV catalog. The likely attack vector is inferred to be local.

Generated by OpenCVE AI on March 26, 2026 at 14:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that includes the commit fixing the out‑of‑bounds access.

Generated by OpenCVE AI on March 26, 2026 at 14:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CPEs cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 26 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt76_connac2_mac_write_txwi_80211 in order to avoid a possible oob access. [fix check to also cover mgmt->u.action.u.addba_req.capab, correct Fixes tag]
Title wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:04:14.195Z

Reserved: 2026-01-13T15:37:45.994Z

Link: CVE-2026-23315

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T11:16:27.897

Modified: 2026-04-23T21:06:57.390

Link: CVE-2026-23315

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23315 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:49:55Z

Weaknesses