CVE-2026-53103 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync

roc_abort_sync() can deadlock with roc_work(). roc_work() holds
dev->mt76.mutex, while cancel_work_sync() waits for roc_work()
to finish. If the caller already owns the same mutex, both
sides block and no progress is possible.

This deadlock can occur during station removal when
mt76_sta_state() -> mt76_sta_remove() ->
mt7925_mac_sta_remove_link() -> mt7925_mac_link_sta_remove() ->
mt7925_roc_abort_sync() invokes cancel_work_sync() while
roc_work() is still running and holding dev->mt76.mutex.

This avoids the mutex deadlock and preserves exactly-once
work ownership.

Published: 2026-06-24

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A deadlock can occur in the Linux mt7925 Wi‑Fi driver when the function that aborts a station removal operation holds a mutex that is also owned by a worker that is executed in parallel. If both sides wait for each other, no progress is possible and the driver can freeze, leading to a loss of connectivity. This is an instance of a hard‑coded race condition that can interrupt service availability. The vulnerability is characterized by synchronization failure identified in CWE‑749.

Affected Systems

Linux kernel distributions that ship the mt7925 driver without the applied patch. The exact affected kernel versions are not listed, but any device using the mt7925 network interface card and running an older kernel that contains the unpatched mt7925 driver is susceptible. This includes a range of consumer‑grade Wi‑Fi adapters and embedded systems that rely on the kernel’s mt76 subsystem.

Risk and Exploitability

The CVSS score is not reported and EPSS is not available, so the quantitative severity is unknown; however, the fix was released publicly, suggesting the issue was considered significant enough to warrant a patch. The development trace shows commits that correct the deadlock, implying that exploitation would only be possible on kernels that have not yet incorporated these changes. The likely attack vector is local or remote network traffic that triggers station removal (e.g., management frames), but detailed exploitation mechanics are not disclosed in the available data. In any case, the vulnerability’s impact is service disruption, and once triggered it can potentially hold the entire Wi‑Fi stack hostage until the device is rebooted.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`45064d19fd3af6aeb0887b35b5564927980cf150`	affected	< 153bcba36c87a1ba555b57b6c49028d5812f895b
`45064d19fd3af6aeb0887b35b5564927980cf150`	affected	< 2d8e0053bca29143ace51e08c980ff076844a4b0
`45064d19fd3af6aeb0887b35b5564927980cf150`	affected	< dd08ca3f092f4185ece69ce2a835c23198b1628a
`978d1756b3ae1b857826eb7ed8181f3c5180dce9`	affected	—
`6.11.2`	affected	< 6.12

Linux

affected

Version	Status	Constraints
`6.12`	affected	—
`0`	unaffected	< 6.12
`6.18.33`	unaffected	≤ 6.18.*
`7.0.10`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the mt7925 driver patch from commit 153bcba36c87a1ba555b57b6c49028d5812f895b, which removes the deadlock.
Reboot the device after applying the update to ensure the new driver configuration takes effect.
Verify Wi‑Fi service stability by connecting and disconnecting stations to confirm that no further hangs occur during station removal.

Generated by OpenCVE AI on June 24, 2026 at 19:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/153bcba36c87a1ba555b57b6c49028d5812f895b
https://git.kernel.org/stable/c/2d8e0053bca29143ace51e08c980ff076844a4b0
https://git.kernel.org/stable/c/dd08ca3f092f4185ece69ce2a835c23198b1628a

History

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync roc_abort_sync() can deadlock with roc_work(). roc_work() holds dev->mt76.mutex, while cancel_work_sync() waits for roc_work() to finish. If the caller already owns the same mutex, both sides block and no progress is possible. This deadlock can occur during station removal when mt76_sta_state() -> mt76_sta_remove() -> mt7925_mac_sta_remove_link() -> mt7925_mac_link_sta_remove() -> mt7925_roc_abort_sync() invokes cancel_work_sync() while roc_work() is still running and holding dev->mt76.mutex. This avoids the mutex deadlock and preserves exactly-once work ownership.
Title		wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/153bcba36c87a1ba555b57b6c49028d5812f895b https://git.kernel.org/stable/c/2d8e0053bca29143ace51e08c980ff076844a4b0 https://git.kernel.org/stable/c/dd08ca3f092f4185ece69ce2a835c23198b1628a

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:30:39.184Z

Updated: 2026-06-24T16:30:39.184Z

Reserved: 2026-06-09T07:44:35.385Z

Link: CVE-2026-53103

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T20:00:10Z

Weaknesses

No weakness.

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object