Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7921: Place upper limit on station AID

Any station configured with an AID over 20 causes a firmware crash.
This situation occurred in our testing using an AP interface on 7922
hardware, with a modified hostapd, sourced from Mediatek's OpenWRT
feeds.

In stock hostapd, station AIDs begin counting at 1, and this
configuration is prevented with an upper limit on associated stations.
However, the modified hostapd began allocation at 65, which caused the
firmware to crash. This fix does not allow these AIDs to work, but will
prevent the firmware crash.

This crash was only seen on IFTYPE_AP interfaces, and the fix does not
appear to have an effect on IFTYPE_STATION behavior.
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A bug in the mt76 driver for Mediatek MT7921 and MT7922 adapters causes the firmware to crash when the hostapd daemon in AP mode allocates station AIDs larger than 20. The crash terminates the wireless interface, resulting in a complete loss of connectivity for all clients until the device is rebooted or the driver is replaced. This flaw is a classic bounds‑checking error (CWE-1284).

Affected Systems

Linux kernel builds that include the mt76 driver stack for Mediatek MT7921 or MT7922 hardware. Systems that run a kernel version missing the AID‑limit patch and use a hostapd configuration that starts station AID allocation at 65 (such as custom builds from Mediatek OpenWRT feeds) are vulnerable. The vulnerability does not affect station mode or other wireless drivers.

Risk and Exploitability

With a CVSS score of 5.5, the severity is moderate. The very low EPSS (<1%) and absence from the CISA KEV catalog indicate a low likelihood of widespread exploitation. The fault can only be triggered when hostapd is configured to assign AIDs greater than 20, which normally requires elevated privileges or a custom hostapd build. Therefore the attack surface is narrow and would likely involve an insider or compromised host running a malicious hostapd instance. The impact is transient service interruption until a reboot or kernel upgrade occurs.

Generated by OpenCVE AI on June 29, 2026 at 15:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that contains the mt7921 AID‑limit patch.
  • Reconfigure hostapd to use the default station AID range (1–20) or revert to the stock hostapd build that enforces this limit.
  • Validate any custom hostapd builds to ensure AID allocation starts at 1 and never exceeds 20 before deploying to production devices.

Generated by OpenCVE AI on June 29, 2026 at 15:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 26 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID over 20 causes a firmware crash. This situation occurred in our testing using an AP interface on 7922 hardware, with a modified hostapd, sourced from Mediatek's OpenWRT feeds. In stock hostapd, station AIDs begin counting at 1, and this configuration is prevented with an upper limit on associated stations. However, the modified hostapd began allocation at 65, which caused the firmware to crash. This fix does not allow these AIDs to work, but will prevent the firmware crash. This crash was only seen on IFTYPE_AP interfaces, and the fix does not appear to have an effect on IFTYPE_STATION behavior.
Title wifi: mt76: mt7921: Place upper limit on station AID
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:41:09.868Z

Reserved: 2026-06-09T07:44:35.398Z

Link: CVE-2026-53317

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53317 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T16:00:05Z

Weaknesses
  • CWE-1284

    Improper Validation of Specified Quantity in Input