Impact
A bug in the mt76 driver for Mediatek MT7921 and MT7922 adapters causes the firmware to crash when the hostapd daemon in AP mode allocates station AIDs larger than 20. The crash terminates the wireless interface, resulting in a complete loss of connectivity for all clients until the device is rebooted or the driver is replaced. This flaw is a classic bounds‑checking error (CWE-1284).
Affected Systems
Linux kernel builds that include the mt76 driver stack for Mediatek MT7921 or MT7922 hardware. Systems that run a kernel version missing the AID‑limit patch and use a hostapd configuration that starts station AID allocation at 65 (such as custom builds from Mediatek OpenWRT feeds) are vulnerable. The vulnerability does not affect station mode or other wireless drivers.
Risk and Exploitability
With a CVSS score of 5.5, the severity is moderate. The very low EPSS (<1%) and absence from the CISA KEV catalog indicate a low likelihood of widespread exploitation. The fault can only be triggered when hostapd is configured to assign AIDs greater than 20, which normally requires elevated privileges or a custom hostapd build. Therefore the attack surface is narrow and would likely involve an insider or compromised host running a malicious hostapd instance. The impact is transient service interruption until a reboot or kernel upgrade occurs.
OpenCVE Enrichment