VYPR
← All advisories
High severity7.1NVD Advisory· Published Mar 25, 2026· Updated Apr 24, 2026

CVE-2026-23363

CVE-2026-23363

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()

Check frame length before accessing the mgmt fields in mt7925_mac_write_txwi_80211 in order to avoid a possible oob access.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, a missing frame length check in mt7925_mac_write_txwi_80211() of the mt76 mt7925 WiFi driver can cause an out-of-bounds access.

Root

Cause

The vulnerability exists in the function mt7925_mac_write_txwi_80211() within the mt76 WiFi driver for MediaTek MT7925 chipsets. The function fails to validate the frame length before accessing management frame fields, potentially leading to an out-of-bounds memory access [1].

Exploitation

An attacker within radio range of a device using an affected kernel could send a specially crafted 802.11 management frame. When the driver processes this frame during TX descriptor writing, the missing length check allows reading or writing beyond the allocated buffer [2]. No authentication is required; proximity to the target is sufficient.

Impact

Successful exploitation could cause memory corruption, leading to a system crash (denial of service) or potentially arbitrary code execution in kernel context. The out-of-bounds access may corrupt adjacent memory structures, compromising system integrity [3].

Mitigation

The fix, which adds a frame length check before accessing management fields, has been backported to stable kernel branches. Users should update to kernels containing the commits referenced in [1], [2], [3], and [4] (e.g., Linux kernel 6.1.133+ or 6.13.7+). No workarounds are available; applying the patch is necessary to eliminate the vulnerability.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!
  4. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

10
  • Linux/Kernel10 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.7.1,<6.12.77
    • cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
    • (no CPE)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.