Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync

roc_abort_sync() can deadlock with roc_work(). roc_work() holds
dev->mt76.mutex, while cancel_work_sync() waits for roc_work()
to finish. If the caller already owns the same mutex, both
sides block and no progress is possible.

This deadlock can occur during station removal when
mt76_sta_state() -> mt76_sta_remove() ->
mt7925_mac_sta_remove_link() -> mt7925_mac_link_sta_remove() ->
mt7925_roc_abort_sync() invokes cancel_work_sync() while
roc_work() is still running and holding dev->mt76.mutex.

This avoids the mutex deadlock and preserves exactly-once
work ownership.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a deadlock between the mt7925 Wi‑Fi driver's abort routine mt7925_roc_abort_sync and a worker thread roc_work that both use the same mutex (CWE-833). When a station is removed, the abort routine calls cancel_work_sync to stop the running worker, but if the worker already holds the mutex, both sides block and the driver hangs. This prevents the node from reconnecting and effectively denies Wi‑Fi service until a reboot is performed.

Affected Systems

Linux kernel families that ship the mt7925 driver without applying the recent patch (commit 153bcba36c87a1ba555b57b6c49028d5812f895b). The flaw affects any device using the mt76 mt7925 interface—consumer Wi‑Fi adapters, embedded boards, and other systems that rely on the the specific distribution, as long as the kernel version contains the unpatched code.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of <1% suggests a low probability of exploitation. The likely attack vector is inferred from the description: an attacker who can influence station removal—such as by sending management frames or—can cause the abort routine to trigger a deadlock. Successful exploitation results in a driver hang and denial of service until a reboot. Once the vendor’s patch is applied, the vulnerability is closed.

Generated by OpenCVE AI on June 27, 2026 at 02:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the mt7925 driver fix from commit 153bcba36c87a1ba555b57b6c49028d5812f895b.
  • Reboot the device after the update to load the new driver configuration.
  • Verify Wi‑Fi service stability by adding and removing stations and confirming that the device does not hang during station removal.

Generated by OpenCVE AI on June 27, 2026 at 02:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync roc_abort_sync() can deadlock with roc_work(). roc_work() holds dev->mt76.mutex, while cancel_work_sync() waits for roc_work() to finish. If the caller already owns the same mutex, both sides block and no progress is possible. This deadlock can occur during station removal when mt76_sta_state() -> mt76_sta_remove() -> mt7925_mac_sta_remove_link() -> mt7925_mac_link_sta_remove() -> mt7925_roc_abort_sync() invokes cancel_work_sync() while roc_work() is still running and holding dev->mt76.mutex. This avoids the mutex deadlock and preserves exactly-once work ownership.
Title wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:39.184Z

Reserved: 2026-06-09T07:44:35.385Z

Link: CVE-2026-53103

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53103 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T03:00:12Z

Weaknesses