Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7921: fix a potential clc buffer length underflow

The buf_len is used to limit the iterations for retrieving the country
power setting and may underflow under certain conditions due to changes
in the power table in CLC.

This underflow leads to an almost infinite loop or an invalid power
setting resulting in driver initialization failure.
Published: 2026-05-28
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from a buffer length underflow in the Linux kernel’s mt76 mt7921 wireless driver. This underflow can cause the driver to spin in an almost infinite loop or to apply an invalid power setting, resulting in a failure to initialize the wireless interface. The consequence of this behavior is a denial of service at the system or interface level, potentially preventing the device from establishing network connectivity.

Affected Systems

This issue affects Linux systems running any kernel that includes the mt76 mt7921 driver prior to the fix. The specific kernel versions that contain the vulnerability are not listed in the available data, but the problem exists in all releases where the mt7921 driver is compiled with the CLC power table code without the applied patch.

Risk and Exploitability

The CVSS score is not provided, but the nature of the defect, a buffer length underflow leading to an almost infinite loop, indicates a high severity that can disrupt device operation. The EPSS score is not available, so the historical likelihood of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog. While the exact attack path is not described, the likely vector requires interaction with the wireless driver, which may be triggered by an attacker in proximity to the device or by configuration changes made to the power table. Given the potential for a device to hang or fail to boot its network stack, the risk to availability is significant.

Generated by OpenCVE AI on May 28, 2026 at 11:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the mt76 mt7921 driver patch fixing the buffer length underflow.
  • If a kernel upgrade cannot be performed immediately, disable or remove the mt7921 wireless driver from the system configuration to prevent the faulty initialization path from executing.
  • Continuously monitor driver initialization logs for failures or repeated attempts to load the mt7921 driver, and reboot the device promptly if a failure is detected.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-674, CWE-703 |

Thu, 28 May 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix a potential clc buffer length underflow The buf_len is used to limit the iterations for retrieving the country power setting and may underflow under certain conditions due to changes in the power table in CLC. This underflow leads to an almost infinite loop or an invalid power setting resulting in driver initialization failure. |
| Title | | wifi: mt76: mt7921: fix a potential clc buffer length underflow |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:35:52.004Z

Reserved: 2026-05-13T15:03:33.099Z

Link: CVE-2026-46136

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-28T10:16:29.160

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46136

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T12:30:16Z

Weaknesses