CVE-2026-23363 - Vulnerability Details

- wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()

Check frame length before accessing the mgmt fields in
mt7925_mac_write_txwi_80211 in order to avoid a possible oob access.

Published: 2026-03-25

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A memory controller in the Linux kernel’s mt7925 Wi‑Fi driver can read or write outside the bounds of a buffer when handling certain transmission control frames. This out‑of‑bounds access can corrupt kernel memory, leading to a crash or other instability of the operating system. The flaw does not grant direct privilege escalation; its most severe consequence is loss of availability.

Affected Systems

Linux kernel builds that include the mt76 driver with the mt7925 module and have not yet incorporated the upstream patch are vulnerable. Devices that rely on the mt7925 wireless chip, such as many consumer laptop and embedded adapters, are within scope. The vulnerability exists in the kernel component that interfaces directly with Wi‑Fi hardware and is not limited to a specific kernel version beyond those that lack the patch.

Risk and Exploitability

The score of 5.5 reflects a moderate impact, while the probability of exploitation is judged to be low, based on an estimated likelihood of under 1%. The vulnerability is not catalogued as a widely exploited issue. An attacker would need to transmit a specially crafted Wi‑Fi packet that reaches the vulnerable driver, implying a remote, network‑based attack vector. Successful exploitation would likely cause a kernel crash or memory corruption, disrupting service but not necessarily elevating privileges.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`c948b5da6bbec742b433138e3e3f9537a85af2e5`	affected	< 3356464e50e1ee15ba3c324ef6cc5a475c2e96e4
`c948b5da6bbec742b433138e3e3f9537a85af2e5`	affected	< 2831a8c574545101e6d0df50785fccb16474eb3c
`c948b5da6bbec742b433138e3e3f9537a85af2e5`	affected	< 22a6419a8b955df81082285543be3e61816c49b5
`c948b5da6bbec742b433138e3e3f9537a85af2e5`	affected	< c41a9abd6ae31d130e8f332e7c8800c4c866234b

Linux

affected

Version	Status	Constraints
`6.7`	affected	—
`0`	unaffected	< 6.7
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.7:-::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[c948b5da6bbec742b433138e3e3f9537a85af2e5,3356464e50e1ee15ba3c324ef6cc5a475c2e96e4)`	affected	code_commit	—
`[c948b5da6bbec742b433138e3e3f9537a85af2e5,2831a8c574545101e6d0df50785fccb16474eb3c)`	affected	code_commit	—
`[c948b5da6bbec742b433138e3e3f9537a85af2e5,22a6419a8b955df81082285543be3e61816c49b5)`	affected	code_commit	—
`[c948b5da6bbec742b433138e3e3f9537a85af2e5,c41a9abd6ae31d130e8f332e7c8800c4c866234b)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.7`	affected	generic	—
`[0,6.7)`	unaffected	semver	—
`[6.12.77,6.13.0]`	unaffected	semver	—
`[6.18.17,6.19.0]`	unaffected	semver	—
`[6.19.7,6.20.0]`	unaffected	semver	—
`[7.0-rc3,*]`	unaffected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply a kernel update that includes the mt7925 patch
If an official update is not yet available, apply the upstream source patch manually

Generated by OpenCVE AI on March 26, 2026 at 05:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00023.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/22a6419a8b955df81082285543be3e61816c49b5
https://git.kernel.org/stable/c/2831a8c574545101e6d0df50785fccb16474eb3c
https://git.kernel.org/stable/c/3356464e50e1ee15ba3c324ef6cc5a475c2e96e4
https://git.kernel.org/stable/c/c41a9abd6ae31d130e8f332e7c8800c4c866234b
https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23363-3e24@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23363
https://www.cve.org/CVERecord?id=CVE-2026-23363

History

Fri, 24 Apr 2026 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
CPEs		cpe:2.3:o:linux:linux_kernel:6.7:-:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc7::::::
Metrics	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}`

Thu, 26 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-805
References		https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23363-3e24@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23363 https://www.cve.org/CVERecord?id=CVE-2026-23363
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 25 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7925_mac_write_txwi_80211 in order to avoid a possible oob access.
Title		wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/22a6419a8b955df81082285543be3e61816c49b5 https://git.kernel.org/stable/c/2831a8c574545101e6d0df50785fccb16474eb3c https://git.kernel.org/stable/c/3356464e50e1ee15ba3c324ef6cc5a475c2e96e4 https://git.kernel.org/stable/c/c41a9abd6ae31d130e8f332e7c8800c4c866234b

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-03-25T10:27:46.204Z

Updated: 2026-04-13T06:05:50.516Z

Reserved: 2026-01-13T15:37:46.002Z

Link: CVE-2026-23363

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-03-25T11:16:35.407

Modified: 2026-04-24T18:48:32.070

Link: CVE-2026-23363

Redhat

Severity : Moderate

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23363 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-26T12:15:55Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object