540 matches found
CVE-2026-53317
A flaw was found in the Linux kernel's Wi-Fi drivers mt76 and mt7921. A remote attacker could exploit this by configuring a Wi-Fi station with an Association ID AID exceeding the expected limit. This malformed AID can cause a firmware crash, leading to a Denial of Service DoS on the affected...
CVE-2026-53318
A flaw was found in the Linux kernel's wifi subsystem, specifically within the mt76: mt7925 driver. This vulnerability arises from a missing check for a NULL pointer before it is used in the mt7925txcheckaggr function. Exploiting this flaw could lead to a system crash, causing a Denial of Service...
CVE-2026-53317
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID over 20 causes a firmware crash. This situation occurred in our testing using an AP interface on 7922 hardware, with a modified hostapd,...
UBUNTU-CVE-2026-53318
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...
UBUNTU-CVE-2026-53317
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID over 20 causes a firmware crash. This situation occurred in our testing using an AP interface on 7922 hardware, with a modified hostapd,...
CVE-2026-53318
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...
CVE-2026-53104
A flaw was found in the Linux kernel's mt76 Wi-Fi driver. This vulnerability, a memory leak, occurs when the device is destroyed during module unload. Specifically, the mt76dmacleanup routine fails to properly destroy the pagepool associated with all MT76 receive queues, leading to unreleased...
SUSE CVE-2026-53102
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermediate function fails before...
CVE-2026-53102
A flaw was found in the Linux kernel's mt76 Wi-Fi driver. This vulnerability, a memory leak, occurs when the mt76connacmcuallocstareq function allocates a socket buffer skb that is not properly freed if subsequent operations, such as mt76connacmcustawedupdate or mt76connacmcustakeytlv, fail. This...
Linux Distros Unpatched Vulnerability : CVE-2026-53104
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues...
Linux Distros Unpatched Vulnerability : CVE-2026-53102
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by...
Linux Distros Unpatched Vulnerability : CVE-2026-53100
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: fix deadlock in remain-on-channel mt76remainonchannel and mt76roccomplete call mt76setchannel while already holding dev-mutex. Since mt76setchannel...
CVE-2026-53100
A flaw was found in the Linux kernel's mt76 wireless driver. This vulnerability occurs in the remain-on-channel functionality, where the mt76remainonchannel and mt76roccomplete functions attempt to acquire a mutex that is already held. This improper handling of the device mutex can lead to a syst...
CVE-2026-53104
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...
CVE-2026-53102
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermediate function fails before...
CVE-2026-53097
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in mt7996coredumpunregister. However, the work item dumpwork may still be running or pending,...
CVE-2026-53105
The CVE-2026-53105 entry describes a Linux kernel fix for the wifi/mt76 mt7925 path, addressing a potential NULL vif dereference in mt7925_mac_write_txwi. The vulnerability arises when code accesses ieee80211_vif_is_mld(vif) without ensuring vif is initialized, which could trigger a kernel panic....
EUVD-2026-38971
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix potential deadlock in mt7925rocabortsync rocabortsync can deadlock with rocwork. rocwork holds dev-mt76.mutex, while cancelworksync waits for rocwork to finish. If the caller already owns the same mutex,...
EUVD-2026-38970
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermediate function fails before...
CVE-2026-53102
Summary of CVE-2026-53102 (Linux kernel / wifi: mt76): The vulnerability concerns a memory leak in the mt76 driver for the mt76 wireless stack. Specifically, in mt76_connac_mcu_alloc_sta_req(), an skb allocated for MCU messaging is expected to be freed by mt76_mcu_skb_send_msg(), but if intermedi...