Impact
The vulnerability is a deadlock between the mt7925 Wi‑Fi driver's abort routine mt7925_roc_abort_sync and a worker thread roc_work that both use the same mutex (CWE-833). When a station is removed, the abort routine calls cancel_work_sync to stop the running worker, but if the worker already holds the mutex, both sides block and the driver hangs. This prevents the node from reconnecting and effectively denies Wi‑Fi service until a reboot is performed.
Affected Systems
Linux kernel families that ship the mt7925 driver without applying the recent patch (commit 153bcba36c87a1ba555b57b6c49028d5812f895b). The flaw affects any device using the mt76 mt7925 interface—consumer Wi‑Fi adapters, embedded boards, and other systems that rely on the the specific distribution, as long as the kernel version contains the unpatched code.
Risk and Exploitability
The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% suggests a low probability of exploitation. The likely attack vector is inferred from the description: an attacker who can influence station removal—such as by sending management frames or—can cause the abort routine to trigger a deadlock. Successful exploitation results in a driver hang and denial of service until a reboot. Once the vendor’s patch is applied, the vulnerability is closed.
OpenCVE Enrichment