52 matches found
CVE-2026-46136
A flaw was found in the Linux kernel's wifi: mt76: mt7921 component. A buffer length underflow in the CLC (Country Logic Control) mechanism can occur due to changes in the power table. This issue may lead to an almost infinite loop or an invalid power setting, resulting in a Denial of Service (DoS) b...
CVE-2026-31552
CVE-2026-31552 affects the Linux kernel wlcore wifi path. A memory-allocation failure in wl1271_tx_allocate()/wl1271_prepare_tx_frame() could yield -EAGAIN and be misinterpreted by wlcore_tx_work_locked() as a full aggregation buffer, causing a retry loop under wl->mutex with GFP_ATOMIC. This ...
CVE-2026-23279
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() In mesh_rx_csa_frame(), elems->mesh_chansw_params_ie is dereferenced at lines 1638 and 1642 without a prior NULL check: ifmsh->chsw_ttl = elems->mesh_chansw_params_ie->mesh_ttl;...
CVE-2026-23152 wifi: mac80211: correctly decode TTLM with default link map
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: correctly decode TTLM with default link map TID-To-Link Mapping (TTLM) elements do not contain any link mapping presence indicator if a default mapping is used and parsing needs to be skipped. Note that access point...
CVE-2026-23130 wifi: ath12k: fix dead lock while flushing management frames
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dead lock while flushing management frames Commit [1] converted the management transmission work item into a wiphy work. Since a wiphy work can only run under wiphy lock protection, a race condition happens in bel...
UBUNTU-CVE-2026-23040
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This could result in a NULL pointer dereference in...
CVE-2022-50880 wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() When peer delete failed in a disconnect operation, use-after-free detected by KFENCE in below log. It is because for each vdev_id and address, it has only one...
CVE-2023-54191 wifi: mt76: mt7996: fix memory leak in mt7996_mcu_exit
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix memory leak in mt7996_mcu_exit Always purge mcu skb queues in mt7996_mcu_exit routine even if mt7996_firmware_state fails...
UBUNTU-CVE-2025-68380
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix peer HE MCS assignment In ath11k_wmi_send_peer_assoc_cmd(), peer's transmit MCS is sent to firmware as receive MCS while peer's receive MCS sent as transmit MCS, which goes against firmware's definition. While connecti...
CVE-2023-53992
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: ocb: don't leave if not joined If there's no OCB state, don't ask the driver/mac80211 to leave, since that's just confusing. Since set/clear the chandef state, that's a simple check...
kernel: wifi: mac80211: check S1G action frame size
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check S1G action frame size Before checking the action code, check that it even exists in the frame...
UBUNTU-CVE-2025-40131
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix peer lookup in ath12k_dp_mon_rx_deliver_msdu() In ath12k_dp_mon_rx_deliver_msdu(), peer lookup fails because rxcb->peer_id is not updated with a valid value. This is expected in monitor mode, where RX frames bypass the regular ...
kernel: wifi: mac80211: don't flush non-uploaded STAs
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't flush non-uploaded STAs If STA state is pre-moved to AUTHORIZED such as in IBSS scenarios and insertion fails, the station is freed. In this case, the driver never knew about the station, so trying to flush ...
kernel: wifi: cfg80211: init wiphy_work before allocating rfkill fails
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbot reported an uninitialized wiphy_work_lock in cfg80211_dev_free. [1] After rfkill allocation fails, the wiphy release process will be performed, which will cause...
Siemens SIMATIC Devices Use After Free (CVE-2024-35811)
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27053)
Vulnerability in the Linux kernel: wifi: wilc1000: RCU usage in connect path This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2023-53602 wifi: ath11k: fix memory leak in WMI firmware stats
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leak in WMI firmware stats Memory allocated for firmware pdev, vdev and beacon statistics are not released during rmmod. Fix it by calling ath11k_fw_stats_free() function before hardware unregister. While at i...
EUVD-2025-25558
Malicious code in bioql PyPI...
CVE-2025-39918 wifi: mt76: fix linked list corruption
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list...
SUSE CVE-2023-53203
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: rely on mt76_connac2_mac_tx_rate_val In order to fix a possible NULL pointer dereference in mt7996_mac_write_txwi of vif pointer, export mt76_connac2_mac_tx_rate_val utility routine and reuse it in mt7996 driver...