1518 matches found
CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)
The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...
CVE-2026-10664
CVE-2026-10664 reports an out-of-bounds write in the nRF70 Wi‑Fi driver power-save event handler (nrf_wifi_event_proc_get_power_save_info). The handler copies TWT entries from a power-save info event into a fixed-size twt_flows[8], iterating up to num_twt_flows without validating against WIFI_MAX...
SUSE CVE-2026-53112
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...
Linux Distros Unpatched Vulnerability : CVE-2026-53318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...
CVE-2026-53318
A flaw was found in the Linux kernel's wifi subsystem, specifically within the mt76: mt7925 driver. This vulnerability arises from a missing check for a NULL pointer before it is used in the mt7925txcheckaggr function. Exploiting this flaw could lead to a system crash, causing a Denial of Service...
Linux Distros Unpatched Vulnerability : CVE-2026-53105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7925: prevent NULL vif dereference in mt7925macwritetxwi Check for a NULL vif before accessing ieee80211vifismldvif to avoid a potential kernel...
CVE-2026-53318
The CVE-2026-53318 affects the Linux kernel wifi subsystem, specifically the mt76: mt7925 driver. A NULL pointer dereference in mt7925_tx_check_aggr() is addressed by moving the NULL check for 'sta' before it is dereferenced, which prevents a possible crash (DoS). This fix is described as resolve...
CVE-2026-53318
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...
CVE-2026-53101
A flaw was found in the Linux kernel's mt7921 Wi-Fi driver. A potential deadlock can occur when the rocabortsync function attempts to cancel a work item while rocwork is still running and holding a mutex. This situation, which can arise during Wi-Fi station removal, causes both sides to block,...
CVE-2026-53102
A flaw was found in the Linux kernel's mt76 Wi-Fi driver. This vulnerability, a memory leak, occurs when the mt76connacmcuallocstareq function allocates a socket buffer skb that is not properly freed if subsequent operations, such as mt76connacmcustawedupdate or mt76connacmcustakeytlv, fail. This...
CVE-2026-53178
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtwmlme: add bounds checks before ielength subtraction Add guards to ensure ielength is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow...
CVE-2026-53097
A flaw was found in the Linux kernel's mt7996 Wi-Fi driver. A use-after-free vulnerability exists in the mt7996macdumpwork function due to a race condition during the detachment of the mt7996 PCI chip. This can occur when mt7996crashdata is released while a related work item is still active,...
Linux Distros Unpatched Vulnerability : CVE-2026-53093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: brcmfmac: Fix error pointer dereference The function brcmfchipaddcore can return an error pointer and is not checked. Add checks for error pointer. Detect...
CVE-2026-53112
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...
CVE-2026-53104
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...
EUVD-2026-38973
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL vif dereference in mt7925macwritetxwi Check for a NULL vif before accessing ieee80211vifismldvif to avoid a potential kernel panic in scenarios where vif might not be initialized...
CVE-2026-53104
The CVE-2026-53104 entry concerns the Linux kernel’s MT76 wifi driver. The issue is a memory leak in MT76 rx queues related to page pools: all rx queues have an associated page_pool even if not connected to a NAPI, and the mt76_dma_cleanup routine must destroy the page_pool during module unload. ...
EUVD-2026-38972
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...
CVE-2026-53102 wifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req()
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermediate function fails before...
CVE-2026-53100
The CVE-2026-53100 entry describes a deadlock in the Linux kernel’s wifi/mt76 path when remain-on-channel is used. Specifically, mt76_remain_on_channel() and mt76_roc_complete() call mt76_set_channel() while dev->mutex is already held; since mt76_set_channel() also acquires dev->mutex, this...