{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23363", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.002Z", "datePublished": "2026-03-25T10:27:46.204Z", "dateUpdated": "2026-03-25T10:27:46.204Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:46.204Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()\n\nCheck frame length before accessing the mgmt fields in\nmt7925_mac_write_txwi_80211 in order to avoid a possible oob access."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7925/mac.c"], "versions": [{"version": "c948b5da6bbec742b433138e3e3f9537a85af2e5", "lessThan": "3356464e50e1ee15ba3c324ef6cc5a475c2e96e4", "status": "affected", "versionType": "git"}, {"version": "c948b5da6bbec742b433138e3e3f9537a85af2e5", "lessThan": "2831a8c574545101e6d0df50785fccb16474eb3c", "status": "affected", "versionType": "git"}, {"version": "c948b5da6bbec742b433138e3e3f9537a85af2e5", "lessThan": "22a6419a8b955df81082285543be3e61816c49b5", "status": "affected", "versionType": "git"}, {"version": "c948b5da6bbec742b433138e3e3f9537a85af2e5", "lessThan": "c41a9abd6ae31d130e8f332e7c8800c4c866234b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7925/mac.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc3", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "7.0-rc3"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3356464e50e1ee15ba3c324ef6cc5a475c2e96e4"}, {"url": "https://git.kernel.org/stable/c/2831a8c574545101e6d0df50785fccb16474eb3c"}, {"url": "https://git.kernel.org/stable/c/22a6419a8b955df81082285543be3e61816c49b5"}, {"url": "https://git.kernel.org/stable/c/c41a9abd6ae31d130e8f332e7c8800c4c866234b"}], "title": "wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()\n\nCheck frame length before accessing the mgmt fields in\nmt7925_mac_write_txwi_80211 in order to avoid a possible oob access."}], "id": "CVE-2026-23363", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:35.407", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/22a6419a8b955df81082285543be3e61816c49b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2831a8c574545101e6d0df50785fccb16474eb3c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3356464e50e1ee15ba3c324ef6cc5a475c2e96e4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c41a9abd6ae31d130e8f332e7c8800c4c866234b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()", "id": "2451163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451163"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-805", "details": ["A flaw was found in the Linux kernel's mt76 wireless driver, specifically within the mt7925 component. This vulnerability arises from a failure to properly check the frame length before accessing management fields in the mt7925_mac_write_txwi_80211() function. An attacker could potentially exploit this to trigger an out-of-bounds memory access, which may lead to system instability or other unpredictable behavior."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the mt7925e or mt7925u module from being loaded. See https://access.redhat.com/solutions/41278 for instructions."}, "name": "CVE-2026-23363", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23363\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23363\nhttps://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23363-3e24@gregkh/T"], "statement": "This flaw affects systems with MediaTek MT7925 wireless adapters. The missing frame length check in mt7925_mac_write_txwi_80211() allows OOB access when processing malformed management frames. Exploitation requires the ability to inject crafted wireless frames, which may be possible over the air depending on the wireless configuration.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-03-25T11:59:16.673051+00:00", "value": {"mitigation_remediation": ["Apply a Linux kernel update that includes the mt76 mt7925 patch", "Verify that the kernel version matches the fixed commit references provided by the kernel community", "Reboot the system after applying the update to ensure the new driver code is loaded", "If a patch is not yet available for your distribution, monitor kernel mailing list or vendor advisories for a release and apply it as soon as it becomes available"], "summary": {"action": "Immediate Patch", "impact": "Potential out\u2011of\u2011bounds memory access in Linux wireless driver"}, "threat_synthesis": {"affected_systems": "The vulnerability resides in the Linux kernel\u2019s mt76 Wi\u2011Fi subsystem, specifically within the mt7925 MAC write function. All kernel releases that contain this unpatched code are affected, including the stock kernels that ship on most Linux distributions as of the time the patch was applied.", "description_and_impact": "A flaw in the Linux kernel\u2019s mt76 Wi\u2011Fi driver allows an attacker to trigger an out\u2011of\u2011bounds access when the function that writes transmission control information is called without first validating the frame length. The unchecked operation can lead to reading or writing outside the intended buffer, which may corrupt kernel memory or expose sensitive data, potentially enabling a privilege escalation or denial\u2011of\u2011service scenario if the memory corruption is exploited.", "risk_and_exploitability": "No CVSS score is available for this issue, and the EPSS score is not provided, so the quantitative risk assessment is unavailable. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, the likely attack vector involves a malicious or malformed Wi\u2011Fi frame directed at a system running the affected driver, which would trigger the uncontrolled write operation. Because this code runs in kernel space, exploitation could lead to full system compromise if an attacker can deliver the triggering traffic."}}}}, "created": "2026-03-25T21:31:52.735812+00:00", "updated": "2026-03-25T21:31:52.735836+00:00", "vendors": []}