Lucene search
K

1518 matches found

Vulnrichment
Vulnrichment
added 3 days ago4 views

CVE-2026-10664 Out-of-bounds write in nRF70 Wi-Fi driver power-save event handler (unbounded TWT flow count)

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS6.1AI score0.00143EPSS
Exploits0References2
CVE
CVE
added 3 days ago15 views

CVE-2026-10664

CVE-2026-10664 reports an out-of-bounds write in the nRF70 Wi‑Fi driver power-save event handler (nrf_wifi_event_proc_get_power_save_info). The handler copies TWT entries from a power-save info event into a fixed-size twt_flows[8], iterating up to num_twt_flows without validating against WIFI_MAX...

5CVSS6.1AI score0.00143EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/07/03 3:5 a.m.5 views

SUSE CVE-2026-53112

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...

5.8AI score0.00164EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...

5.5CVSS6AI score0.00114EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 10:3 a.m.8 views

CVE-2026-53318

A flaw was found in the Linux kernel's wifi subsystem, specifically within the mt76: mt7925 driver. This vulnerability arises from a missing check for a NULL pointer before it is used in the mt7925txcheckaggr function. Exploiting this flaw could lead to a system crash, causing a Denial of Service...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7925: prevent NULL vif dereference in mt7925macwritetxwi Check for a NULL vif before accessing ieee80211vifismldvif to avoid a potential kernel...

6.1AI score0.00168EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 7:41 p.m.13 views

CVE-2026-53318

The CVE-2026-53318 affects the Linux kernel wifi subsystem, specifically the mt76: mt7925 driver. A NULL pointer dereference in mt7925_tx_check_aggr() is addressed by moving the NULL check for 'sta' before it is dereferenced, which prevents a possible crash (DoS). This fix is described as resolve...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/06/26 7:41 p.m.7 views

CVE-2026-53318

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...

5.5CVSS5.7AI score0.00114EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 6:38 p.m.8 views

CVE-2026-53101

A flaw was found in the Linux kernel's mt7921 Wi-Fi driver. A potential deadlock can occur when the rocabortsync function attempts to cancel a work item while rocwork is still running and holding a mutex. This situation, which can arise during Wi-Fi station removal, causes both sides to block,...

5.5CVSS5.7AI score0.00168EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:2 p.m.5 views

CVE-2026-53102

A flaw was found in the Linux kernel's mt76 Wi-Fi driver. This vulnerability, a memory leak, occurs when the mt76connacmcuallocstareq function allocates a socket buffer skb that is not properly freed if subsequent operations, such as mt76connacmcustawedupdate or mt76connacmcustakeytlv, fail. This...

5.5CVSS6AI score0.00156EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.6 views

CVE-2026-53178

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtwmlme: add bounds checks before ielength subtraction Add guards to ensure ielength is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow...

8.1CVSS5.6AI score0.00214EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/25 8:16 a.m.10 views

CVE-2026-53097

A flaw was found in the Linux kernel's mt7996 Wi-Fi driver. A use-after-free vulnerability exists in the mt7996macdumpwork function due to a race condition during the detachment of the mt7996 PCI chip. This can occur when mt7996crashdata is released while a related work item is still active,...

6AI score0.00168EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.32 views

Linux Distros Unpatched Vulnerability : CVE-2026-53093

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: brcmfmac: Fix error pointer dereference The function brcmfchipaddcore can return an error pointer and is not checked. Add checks for error pointer. Detect...

6AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:17 p.m.10 views

CVE-2026-53112

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...

0.00164EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 5:17 p.m.9 views

CVE-2026-53104

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...

0.00166EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 4:30 p.m.7 views

EUVD-2026-38973

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL vif dereference in mt7925macwritetxwi Check for a NULL vif before accessing ieee80211vifismldvif to avoid a potential kernel panic in scenarios where vif might not be initialized...

5.7AI score0.00168EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 4:30 p.m.7 views

CVE-2026-53104

The CVE-2026-53104 entry concerns the Linux kernel’s MT76 wifi driver. The issue is a memory leak in MT76 rx queues related to page pools: all rx queues have an associated page_pool even if not connected to a NAPI, and the mt76_dma_cleanup routine must destroy the page_pool during module unload. ...

5.8AI score0.00166EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 4:30 p.m.8 views

EUVD-2026-38972

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...

5.8AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 4:30 p.m.4 views

CVE-2026-53102 wifi: mt76: Fix memory leak after mt76_connac_mcu_alloc_sta_req()

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermediate function fails before...

5.8AI score0.00156EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 4:30 p.m.14 views

CVE-2026-53100

The CVE-2026-53100 entry describes a deadlock in the Linux kernel’s wifi/mt76 path when remain-on-channel is used. Specifically, mt76_remain_on_channel() and mt76_roc_complete() call mt76_set_channel() while dev->mutex is already held; since mt76_set_channel() also acquires dev->mutex, this...

5.7AI score0.00166EPSS
Exploits0References3
Rows per page
Query Builder