Skip to main content

Linux Kernel CVE-2026-46136

| EUVDEUVD-2026-32763 HIGH
Out-of-bounds Write (CWE-787)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-jm55-4g4j-2rgw
High
Disputed · 7.8 NVD
Share

Severity by source

Sources disagree (Low–High)
NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
5.3 MEDIUM

Local trigger needing a specific CLC power-table condition (AV:L/AC:H), described impact is driver-init failure/DoS (A:H) with at most limited OOB corruption (I:L) and no confidentiality loss (C:N).

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
SUSE
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Red Hat
5.5 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 24, 2026 - 18:08 vuln.today
CVSS changed
Jun 24, 2026 - 18:07 NVD
7.8 (HIGH)
Patch available
May 28, 2026 - 12:31 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
HIGH 7.8
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7921: fix a potential clc buffer length underflow

The buf_len is used to limit the iterations for retrieving the country power setting and may underflow under certain conditions due to changes in the power table in CLC.

This underflow leads to an almost infinite loop or an invalid power setting resulting in driver initialization failure.

AnalysisAI

Denial-of-service in the Linux kernel mt76/mt7921 MediaTek Wi-Fi driver lets a buffer-length (buf_len) underflow occur while iterating the CLC (country location configuration) power table, producing a near-infinite loop or an invalid power setting that crashes driver initialization. Systems running affected kernels with MediaTek MT7921 Wi-Fi hardware are impacted; classified CWE-787 (out-of-bounds write) with a vendor-assigned CVSS of 7.8 (local, AV:L). No public exploit identified at time of analysis and EPSS is very low (0.02%), consistent with a reliability/DoS defect rather than a readily weaponizable memory-corruption primitive.

Technical ContextAI

The flaw lives in the mt76 driver framework's mt7921 sub-driver, which manages MediaTek MT7921-series 802.11ax Wi-Fi chipsets. During initialization the driver reads regulatory/country power constraints from the chipset's CLC (Country Location Configuration) data and walks the power table using a length counter (buf_len) to bound the loop. CWE-787 (out-of-bounds write) is the assigned root-cause class: because the CLC power table layout can change, buf_len can be decremented past zero and wrap (underflow) into a very large unsigned value, so the loop bound is no longer valid. The affected component is identified by CPE cpe:2.3:o:linux:linux_kernel:*, scoped in practice to kernels that build/load the mt7921 driver on hardware presenting MT7921 CLC data.

RemediationAI

Apply the patched stable kernel for your branch: the fix is present in 6.6.140, 6.12.88, 6.18.30, and 7.0.7 (and mainline 7.1-rc1), so upgrade to your distribution's kernel package that incorporates one of these or later. The individual commits can be cherry-picked from git.kernel.org/stable/c/ (e.g. 5373f8b19e568b5c217832b9bbef165bd2b2df14, e451c325b000b9a0081fd93bc6d103d6943d4b55) if you maintain a custom kernel. As a compensating control where patching must wait, unload/blacklist the mt7921 module (add mt7921e/mt7921 to a modprobe blacklist) on systems that do not require the MediaTek Wi-Fi adapter - the trade-off is loss of that Wi-Fi interface. Because triggering depends on local hardware/CLC power-table conditions rather than network input, restricting who can physically attach hardware or reload kernel modules also reduces exposure. Track remediation against NVD CVE-2026-46136.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

CVE-2026-46136 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy