12254 matches found
CVE-2026-53102
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermediate function fails before...
CVE-2026-53105
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL vif dereference in mt7925macwritetxwi Check for a NULL vif before accessing ieee80211vifismldvif to avoid a potential kernel panic in scenarios where vif might not be initialized...
CVE-2026-53101
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix potential deadlock in mt7921rocabortsync rocabortsync can deadlock with rocwork. rocwork holds dev-mt76.mutex, while cancelworksync waits for rocwork to finish. If the caller already owns the same mutex,...
CVE-2026-53103
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix potential deadlock in mt7925rocabortsync rocabortsync can deadlock with rocwork. rocwork holds dev-mt76.mutex, while cancelworksync waits for rocwork to finish. If the caller already owns the same mutex,...
CVE-2026-53104
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...
CVE-2026-53107
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: don't kill URBs in interrupt context Serialization for the TX path was enforced by calling usbkillurb/usbkillanchoredurbs, to prevent transmission before a previous URB was completed. usbtxblock can be called from...
CVE-2026-53097
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in mt7996coredumpunregister. However, the work item dumpwork may still be running or pending,...
CVE-2026-53093
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix error pointer dereference The function brcmfchipaddcore can return an error pointer and is not checked. Add checks for error pointer. Detected by Smatch:...
CVE-2026-53113
The CVE-2026-53113 entry concerns the Linux kernel wifi driver ath11k, where beacon template setup functions ath11k_mac_setup_bcn_tmpl_ema() and ath11k_mac_setup_bcn_tmpl_mbssid() allocate memory for beacon templates but fail to release it on error. The issue is addressed by implementing unified ...
CVE-2026-53112 wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irq_prepare_bcn_tasklet
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...
CVE-2026-53107
The CVE-2026-53107 entry documents a Linux kernel WiFi libertas issue where URBs could be killed in interrupt context. The fix removes usb_tx_block() as a universal weapon for in-flight URBs in interrupt paths and instead checks the tx_submitted anchor to detect pending URBs, returning -EBUSY whe...
EUVD-2026-38975
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: don't kill URBs in interrupt context Serialization for the TX path was enforced by calling usbkillurb/usbkillanchoredurbs, to prevent transmission before a previous URB was completed. usbtxblock can be called from...
CVE-2026-53107 wifi: libertas: don't kill URBs in interrupt context
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: don't kill URBs in interrupt context Serialization for the TX path was enforced by calling usbkillurb/usbkillanchoredurbs, to prevent transmission before a previous URB was completed. usbtxblock can be called from...
EUVD-2026-38973
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL vif dereference in mt7925macwritetxwi Check for a NULL vif before accessing ieee80211vifismldvif to avoid a potential kernel panic in scenarios where vif might not be initialized...
EUVD-2026-38971
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix potential deadlock in mt7925rocabortsync rocabortsync can deadlock with rocwork. rocwork holds dev-mt76.mutex, while cancelworksync waits for rocwork to finish. If the caller already owns the same mutex,...
EUVD-2026-38972
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...
CVE-2026-53104
The CVE-2026-53104 entry concerns the Linux kernel’s MT76 wifi driver. The issue is a memory leak in MT76 rx queues related to page pools: all rx queues have an associated page_pool even if not connected to a NAPI, and the mt76_dma_cleanup routine must destroy the page_pool during module unload. ...
CVE-2026-53103
CVE-2026-53103 concerns the Linux kernel wifi driver stack, specifically the mt76/mt7925 components. The issue is a potential deadlock between roc_abort_sync() and roc_work(): roc_work() holds dev->mt76.mutex while cancel_work_sync() waits for roc_work() to complete. If the caller already owns...
CVE-2026-53103 wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix potential deadlock in mt7925rocabortsync rocabortsync can deadlock with rocwork. rocwork holds dev-mt76.mutex, while cancelworksync waits for rocwork to finish. If the caller already owns the same mutex,...
CVE-2026-53102
Summary of CVE-2026-53102 (Linux kernel / wifi: mt76): The vulnerability concerns a memory leak in the mt76 driver for the mt76 wireless stack. Specifically, in mt76_connac_mcu_alloc_sta_req(), an skb allocated for MCU messaging is expected to be freed by mt76_mcu_skb_send_msg(), but if intermedi...