Impact
A deadlock occurs in the Linux kernel’s mt76 Wi‑Fi driver when mt76_remain_on_channel() and mt76_roc_complete() invoke mt76_set_channel() while the device mutex is already held. The mt76_set_channel() function attempts to acquire the same mutex again, causing contention that stalls kernel threads. This freeze prevents normal kernel operations involving the driver and can halt network connectivity and overall system responsiveness, resulting in a denial‑of‑service condition.
Affected Systems
Linux kernel systems that include the mt76 Wi‑Fi driver are affected. The vulnerability is present in any kernel version that contains the unpatched mt76 driver code. Devices such as embedded routers and wireless adapters that rely on this driver are therefore at risk.
Risk and Exploitability
The deadlock is triggered during normal driver activity, such as remaining on a channel or completing a ROC operation. An attacker who can manipulate these actions—either through privileged network configuration or by exploiting a higher‑level vulnerability that grants kernel execution—could cause the kernel to hang, leading to a system‑wide denial of service. The risk is moderate, aligned with a CVSS score of 5.5, indicating potential system-wide denial of service if exploited. EPSS is not available and the vulnerability is not in the CISA KEV catalog, so there is no public evidence of exploitation yet, but the severity warrants immediate attention.
OpenCVE Enrichment