1507 matches found
CVE-2026-10664
CVE-2026-10664 reports an out-of-bounds write in the nRF70 Wi‑Fi driver power-save event handler (nrf_wifi_event_proc_get_power_save_info). The handler copies TWT entries from a power-save info event into a fixed-size twt_flows[8], iterating up to num_twt_flows without validating against WIFI_MAX...
Linux Distros Unpatched Vulnerability : CVE-2026-53318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...
CVE-2026-53318
A flaw was found in the Linux kernel's wifi subsystem, specifically within the mt76: mt7925 driver. This vulnerability arises from a missing check for a NULL pointer before it is used in the mt7925txcheckaggr function. Exploiting this flaw could lead to a system crash, causing a Denial of Service...
Linux Distros Unpatched Vulnerability : CVE-2026-53105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: mt76: mt7925: prevent NULL vif dereference in mt7925macwritetxwi Check for a NULL vif before accessing ieee80211vifismldvif to avoid a potential kernel...
CVE-2026-53318
The CVE-2026-53318 affects the Linux kernel wifi subsystem, specifically the mt76: mt7925 driver. A NULL pointer dereference in mt7925_tx_check_aggr() is addressed by moving the NULL check for 'sta' before it is dereferenced, which prevents a possible crash (DoS). This fix is described as resolve...
CVE-2026-53318
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...
CVE-2026-53101
A flaw was found in the Linux kernel's mt7921 Wi-Fi driver. A potential deadlock can occur when the rocabortsync function attempts to cancel a work item while rocwork is still running and holding a mutex. This situation, which can arise during Wi-Fi station removal, causes both sides to block,...
CVE-2026-53102
A flaw was found in the Linux kernel's mt76 Wi-Fi driver. This vulnerability, a memory leak, occurs when the mt76connacmcuallocstareq function allocates a socket buffer skb that is not properly freed if subsequent operations, such as mt76connacmcustawedupdate or mt76connacmcustakeytlv, fail. This...
CVE-2026-53178
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtwmlme: add bounds checks before ielength subtraction Add guards to ensure ielength is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow...
CVE-2026-53097
A flaw was found in the Linux kernel's mt7996 Wi-Fi driver. A use-after-free vulnerability exists in the mt7996macdumpwork function due to a race condition during the detachment of the mt7996 PCI chip. This can occur when mt7996crashdata is released while a related work item is still active,...
Linux Distros Unpatched Vulnerability : CVE-2026-53093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: brcmfmac: Fix error pointer dereference The function brcmfchipaddcore can return an error pointer and is not checked. Add checks for error pointer. Detect...
EUVD-2026-38973
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL vif dereference in mt7925macwritetxwi Check for a NULL vif before accessing ieee80211vifismldvif to avoid a potential kernel panic in scenarios where vif might not be initialized...
EUVD-2026-38972
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...
EUVD-2026-38965
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in mt7996coredumpunregister. However, the work item dumpwork may still be running or pending,...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl8xxxu: Fixed a slab-out-of-bounds issue in rtl8xxxustaadd. The driver does not set hw-stadatasize, which causes mac80211 to allocate insufficient space for the driver’s private station data in stainfoalloc. When...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Wifi: RSI: Fixed memory corruption caused by not setting the size of vif driver data. The struct ieee80211vif contains a trailing space for vif driver data. When the struct ieee80211vif is allocated, the total memory size allocat...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtw88: Fixed an alignment fault in rtwcoreenablebeacon. The rtwcoreenablebeacon function reads 4 bytes from an address that is not a multiple of 4. This results in a crash on some systems. Instead, only 1 byte is...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k: The affinity hint was cleared before calling ath11kpcicfreeirq in the error path. If a shared IRQ is used by the driver due to platform limitations, then the IRQ affinity hint is set correctly after the allocation o...
PT-2026-51999
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the mt7925 WiFi driver. The issue occurs in the mt7925 mac write txwi function, where the vif variable is accessed via ieee80211 vif is mldvif withou...
kernel: wifi: brcmfmac: validate bsscfg indices in IF events
A flaw was found in the Linux kernel's brcmfmac Wi-Fi driver. This vulnerability occurs because the driver fails to properly validate bsscfg indices in interface IF events. An attacker could exploit this by sending a specially crafted IF event with an invalid bsscfg index, which could lead to an...