Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr()

Move the NULL check for 'sta' before dereferencing it to prevent a
possible crash.
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference occurs in the wireless driver function mt7925_tx_check_aggr() when the variable 'sta' is not checked before use. The resulting kernel crash can terminate the wireless subsystem and potentially reboot the system, causing a denial of service. This weakness is a classic null pointer dereference flaw that can be exploited by an attacker who can influence driver input or network traffic to trigger the bug.

Affected Systems

The flaw affects Linux kernel installations that include the mt76 wireless driver, specifically the mt7925 variant. The affected environments are generic Linux distributions using the standard kernel and driver stack; no specific vendor versions are listed. System administrators should verify that their kernel packages contain the latest commit references in the provided URLs.

Risk and Exploitability

No public exploitation exploits or KEV listings are available for this issue, and the EPSS score is < 1%. Based on the description, the weakest attack vector is a local or privileged network attacker who can send crafted frames that reach the function in question. The resulting crash does not lead to arbitrary code execution, but an attacker can disrupt availability. The CVSS score of 5.5 indicates a moderate risk, and the severity remains primarily a denial‑of‑service concern rather than a privilege escalation or code execution risk.

Generated by OpenCVE AI on June 29, 2026 at 14:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the recent commit adding a NULL check to mt7925_tx_check_aggr(), or apply the vendor provided patch from the referenced commits.
  • If immediate kernel update is not feasible, consider disabling or temporarily removing the mt76 driver until the patch can be applied, or reduce exposure by limiting the device to a trusted network with strict access controls.
  • Restart the affected system to clear any crashed components and ensure the kernel is operating with the corrected code path.

Generated by OpenCVE AI on June 29, 2026 at 14:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 26 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr() Move the NULL check for 'sta' before dereferencing it to prevent a possible crash.
Title wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:41:10.611Z

Reserved: 2026-06-09T07:44:35.398Z

Link: CVE-2026-53318

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53318 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T14:15:05Z

Weaknesses