14048 matches found
CVE-2026-38571
Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...
CVE-2026-53112
A flaw was found in the Linux kernel's rtlwifi PCI driver. This vulnerability, a use-after-free, occurs when a rtlwifi wireless card is detached or fails to initialize, and a related background task is not properly shut down. This can lead to the system attempting to access memory that has alread...
CVE-2026-53105
A flaw was found in the Linux kernel's Wi-Fi subsystem, specifically within the mt76: mt7925 driver. This vulnerability occurs due to a missing check for a NULL 'vif' Virtual Interface before it is accessed. An attacker could potentially trigger a kernel panic by exploiting scenarios where the...
CVE-2026-53257
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: enforce HE/EHT cap/oper consistency Xiang Mei reports that mac80211 could crash if ehtcap is set but ehtoper isn't. Rather than fixing that for the individual users, enforce that both HE/EHT have consistent elemen...
CVE-2026-53182
CVE-2026-53182 affects the Linux kernel nl80211: rejects oversized EMA RNR lists in nl80211_parse_rnr_elems, using a u8 counter and capping at 255 to align with the underlying data structure. Several advisories (Red Hat, Debian family, Ubuntu OSV entries, and Root) confirm patches are released in...
EUVD-2026-38980
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: pci: fix possible use-after-free caused by unfinished irqpreparebcntasklet The irqpreparebcntasklet is initialized in rtlpciinit and scheduled when RTLIMRBCNINT interrupt is triggered by hardware. But it is never...
EUVD-2026-38972
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak destroying device All MT76 rx queues have an associated pagepool even if the queue is not associated to a NAPI e.g. WED RRO queues with WED enabled. Destroy the pagepool running mt76dmacleanup routine...
EUVD-2026-38970
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix memory leak after mt76connacmcuallocstareq mt76connacmcuallocstareq allocates an skb which is expected to be freed eventually by mt76mcuskbsendmsg. However, currently if an intermediate function fails before...
kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result
A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...
kernel: wifi: mac80211: remove station if connection prep fails
A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. When Multi-Link Operation MLO connection preparation fails, the system may not correctly remove the associated station. This can lead to a use-after-free or double-free vulnerability in the debugfs component, potentially causing...
EUVD-2026-38200
A flaw has been found in Comfast CF-WR631AX V3 up to 2.7.0.8. This issue affects the function system of the file /cgi-bin/mbox-config?section=pingconfig of the component API Endpoint. This manipulation of the argument destination causes os command injection. The attack is possible to be carried o...
RHEL 9 : kernel (RHSA-2026:27708)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27708 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smc: Fix use-after-free in...
RHEL 7 : kernel (RHSA-2026:27729)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27729 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of servi...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm: Pause TCM when the firmware is stopped Ignoring this issue will cause us to send a host command to the transport module while the firmware is not active, which will trigger a WARNING. bad state = 0 WARNING: CP...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: mt7996 – Drop fragments with multicast or broadcast RA. IEEE 802.11 fragmentation can only be applied to unicast frames. Therefore, fragments are dropped during multicast or broadcast RA. This patch addresses...
Astra Linux – Vulnerability in Wireshark
A NULL pointer exception occurs in the IEEE 802.11 dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17, allowing for denial of service through packet injection or with crafted capture files...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fixed node corruption in the “ar-arvifs” list In the current WLAN recovery code flow, ath11kcorehalt only re initializes the “arvifs” list head. This causes the list node immediately following the list head to becom...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames sent to non-broadcast addresses Beacon frames are required to be sent to the broadcast address. See IEEE Std 802.11-2020, 11.1.3.1: “The ‘Address 1’ field of the Beacon frame shall be set to...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath9k: Fixed a potential array-index-out-of-bounds read in ath9khtctxstatus. The bug occurs when txs-cnt—data from a URB provided by a USB device—is larger than the size of the array txs-txstatus, which is HTCMAXTXSTATUS...
Astra Linux – Vulnerability in Linux
The 802.11 standard that underpins Wi-Fi Protected Access WPA, WPA2, and WPA3 and Wired Equivalent Privacy WEP does not require that all fragments of a frame be encrypted with the same key. An adversary can exploit this weakness to decrypt selected fragments when another device sends fragmented...