VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 22, 2025· Updated Apr 15, 2026

CVE-2023-53710

CVE-2023-53710

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read

Kernel NULL pointer dereference when ACPI SAR table isn't implemented well. Fix the error code of return to mark the ACPI SAR table as invalid.

[ 5.077128] mt7921e 0000:06:00.0: sar cnt = 0 [ 5.077381] BUG: kernel NULL pointer dereference, address: 0000000000000004 [ 5.077630] #PF: supervisor read access in kernel mode [ 5.077883] #PF: error_code(0x0000) - not-present page [ 5.078138] PGD 0 P4D 0 [ 5.078398] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 5.079202] RIP: 0010:mt7921_init_acpi_sar+0x106/0x220 [mt7921_common] ... [ 5.080786] Call Trace: [ 5.080786] [ 5.080786] mt7921_register_device+0x37d/0x490 [mt7921_common] [ 5.080786] mt7921_pci_probe.part.0+0x2ee/0x310 [mt7921e] [ 5.080786] mt7921_pci_probe+0x52/0x70 [mt7921e] [ 5.080786] local_pci_probe+0x47/0x90 [ 5.080786] pci_call_probe+0x55/0x190 [ 5.080786] pci_device_probe+0x84/0x120

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in mt7921 ACPI SAR reading can crash the kernel on malformed ACPI tables.

CVE-2023-53710 is a vulnerability in the Linux kernel's mt76 Wi-Fi driver for MediaTek MT7921 chipsets. The issue is in the mt7921_acpi_read function: when an ACPI SAR (Specific Absorption Rate) table is present but malformed (e.g., SAR count is zero), the function fails to return a proper error code, causing the caller to proceed with a NULL pointer. This leads to a kernel NULL pointer dereference at address 0x4 when the driver attempts to dereference the invalid pointer during initialization [1].

Exploitation

An attacker needs local access to trigger the vulnerable code path by providing a crafted ACPI table that passes the initial presence check but has invalid contents. No special privileges are required beyond the ability to boot or hotplug a device using the mt7921 driver. The bug manifests as a NULL pointer dereference in mt7921_init_acpi_sar during the probe sequence, as shown by the call trace in the kernel log [1].

Impact

Successful exploitation causes a kernel NULL pointer dereference, resulting in a denial of service (system crash or panic). The impact is limited to local availability; there is no evidence of privilege escalation or data exfiltration.

Mitigation

The fix corrects the return code in mt7921_acpi_read to indicate an invalid ACPI SAR table, preventing the NULL pointer dereference. The patch has been merged into the upstream kernel stable tree [1]. Users are advised to apply the patch or update to a kernel version containing the fix.

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

3
2a9a5f88e0da
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
59c2b0aec7a5
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
888d89034f9e
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.