{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23363", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.002Z", "datePublished": "2026-03-25T10:27:46.204Z", "dateUpdated": "2026-05-11T22:05:25.399Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:05:25.399Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()\n\nCheck frame length before accessing the mgmt fields in\nmt7925_mac_write_txwi_80211 in order to avoid a possible oob access."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7925/mac.c"], "versions": [{"version": "c948b5da6bbec742b433138e3e3f9537a85af2e5", "lessThan": "3356464e50e1ee15ba3c324ef6cc5a475c2e96e4", "status": "affected", "versionType": "git"}, {"version": "c948b5da6bbec742b433138e3e3f9537a85af2e5", "lessThan": "2831a8c574545101e6d0df50785fccb16474eb3c", "status": "affected", "versionType": "git"}, {"version": "c948b5da6bbec742b433138e3e3f9537a85af2e5", "lessThan": "22a6419a8b955df81082285543be3e61816c49b5", "status": "affected", "versionType": "git"}, {"version": "c948b5da6bbec742b433138e3e3f9537a85af2e5", "lessThan": "c41a9abd6ae31d130e8f332e7c8800c4c866234b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/mediatek/mt76/mt7925/mac.c"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/3356464e50e1ee15ba3c324ef6cc5a475c2e96e4"}, {"url": "https://git.kernel.org/stable/c/2831a8c574545101e6d0df50785fccb16474eb3c"}, {"url": "https://git.kernel.org/stable/c/22a6419a8b955df81082285543be3e61816c49b5"}, {"url": "https://git.kernel.org/stable/c/c41a9abd6ae31d130e8f332e7c8800c4c866234b"}], "title": "wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAB42ADC-2196-46FA-AAE7-AE91B7577E53", "versionEndExcluding": "6.12.77", "versionStartIncluding": "6.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA", "versionEndExcluding": "6.18.17", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3", "versionEndExcluding": "6.19.7", "versionStartIncluding": "6.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*", "matchCriteriaId": "62B55B1B-7D3E-499B-9C42-E9F1EF05A54A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()\n\nCheck frame length before accessing the mgmt fields in\nmt7925_mac_write_txwi_80211 in order to avoid a possible oob access."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nwifi: mt76: mt7925: Corrige posible acceso fuera de l\u00edmites en mt7925_mac_write_txwi_80211()\n\nComprueba la longitud del frame antes de acceder a los campos mgmt en mt7925_mac_write_txwi_80211 para evitar un posible acceso fuera de l\u00edmites."}], "id": "CVE-2026-23363", "lastModified": "2026-04-24T18:48:32.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-25T11:16:35.407", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/22a6419a8b955df81082285543be3e61816c49b5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2831a8c574545101e6d0df50785fccb16474eb3c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3356464e50e1ee15ba3c324ef6cc5a475c2e96e4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c41a9abd6ae31d130e8f332e7c8800c4c866234b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()", "id": "2451163", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451163"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-805", "details": ["A flaw was found in the Linux kernel's mt76 wireless driver, specifically within the mt7925 component. This vulnerability arises from a failure to properly check the frame length before accessing management fields in the mt7925_mac_write_txwi_80211() function. An attacker could potentially exploit this to trigger an out-of-bounds memory access, which may lead to system instability or other unpredictable behavior."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the mt7925e or mt7925u module from being loaded. See https://access.redhat.com/solutions/41278 for instructions."}, "name": "CVE-2026-23363", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23363\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23363\nhttps://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23363-3e24@gregkh/T"], "statement": "This flaw affects systems with MediaTek MT7925 wireless adapters. The missing frame length check in mt7925_mac_write_txwi_80211() allows OOB access when processing malformed management frames. Exploitation requires the ability to inject crafted wireless frames, which may be possible over the air depending on the wireless configuration.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c948b5da6bbec742b433138e3e3f9537a85af2e5,3356464e50e1ee15ba3c324ef6cc5a475c2e96e4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c948b5da6bbec742b433138e3e3f9537a85af2e5,2831a8c574545101e6d0df50785fccb16474eb3c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c948b5da6bbec742b433138e3e3f9537a85af2e5,22a6419a8b955df81082285543be3e61816c49b5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[c948b5da6bbec742b433138e3e3f9537a85af2e5,c41a9abd6ae31d130e8f332e7c8800c4c866234b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.7"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.7)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc3,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T22:01:20.930126+00:00", "value": {"mitigation_remediation": ["Apply a kernel update that includes the mt7925 patch", "If an official update is not yet available, apply the upstream source patch manually", "Disable the mt7925 wireless interface until the kernel patch is applied"], "summary": {"action": "Apply patch", "impact": "Kernel memory corruption and potential system crash"}, "threat_synthesis": {"affected_systems": "Linux kernel builds that include the mt76 driver with the mt7925 module and have not yet incorporated the upstream patch are vulnerable. Devices that rely on the mt7925 wireless chip, such as many consumer laptop and embedded adapters, are within scope. The vulnerability exists in the kernel component that interfaces directly with Wi\u2011Fi hardware and is not limited to a specific kernel version beyond those that lack the patch.", "description_and_impact": "A memory controller in the Linux kernel\u2019s mt7925 Wi\u2011Fi driver can read or write outside the bounds of a buffer when handling certain transmission control frames, an out\u2011of\u2011bounds read/write vulnerability (CWE-125) and buffer over\u2011read (CWE-805). This out\u2011of\u2011bounds access can corrupt kernel memory, leading to a crash or other instability of the operating system. The flaw does not grant direct privilege escalation; its most severe consequence is loss of availability.", "risk_and_exploitability": "The score of 7.1 indicates a high impact, while the probability of exploitation remains low, with an estimated likelihood of under 1%. The vulnerability is not catalogued as a widely exploited issue. It is inferred that an attacker would need to transmit a specially crafted Wi\u2011Fi packet that reaches the vulnerable driver, implying a remote, network\u2011based attack vector. Successful exploitation would likely cause a kernel crash or memory corruption, disrupting service but not necessarily elevating privileges."}}}}, "created": "2026-03-25T21:31:52.735812+00:00", "updated": "2026-04-28T22:15:41.356968+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}