Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()

Check frame length before accessing the mgmt fields in
mt7996_mac_write_txwi_80211 in order to avoid a possible oob access.
Published: 2026-03-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Kernel out‑of‑bounds access potentially leading to crash or privilege escalation
Action: Immediate Patch
AI Analysis

Impact

A bug in the mt7996 Wi‑Fi driver allows an out‑of‑bounds read when the function mt7996_mac_write_txwi_80211() processes management frames. This weakness can expose kernel memory or corrupt state, leading to a denial of service or escalation of privilege if a malicious frame is crafted.

Affected Systems

Linux kernel builds that contain the mt76 driver for the MT7996 wireless chipset are affected. The issue exists in any installation that uses the default kernel driver for this hardware. No specific kernel version ranges were supplied.

Risk and Exploitability

The flaw is unlikely to be widely exploited; EPSS scores are below 1% and it is not listed in CISA’s KEV database. However, an attacker could trigger the error by crafting a special WLAN management frame targeting the chip, which would require local network access or the ability to inject frames into the network interface. The severity appears moderate, but the low exploitation probability suggests that applying the fix promptly mitigates the risk.

Generated by OpenCVE AI on March 26, 2026 at 13:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel that includes the mt76 driver patch for MT7996.
  • Verify that the updated kernel contains the latest mt76 code that checks frame length before accessing management fields.

Generated by OpenCVE AI on March 26, 2026 at 13:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CPEs cpe:2.3:o:linux:linux_kernel:6.2:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-805
References

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7996_mac_write_txwi_80211 in order to avoid a possible oob access.
Title wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:04:59.814Z

Reserved: 2026-01-13T15:37:45.996Z

Link: CVE-2026-23325

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T11:16:29.537

Modified: 2026-04-23T21:11:24.957

Link: CVE-2026-23325

cve-icon Redhat

Severity :

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23325 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:49:47Z

Weaknesses