Skip to main content

Linux Kernel mt7925 CVE-2026-53318

| EUVDEUVD-2026-39853 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-26 Linux GHSA-36x8-5j9r-qw5f
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access with low privileges required to trigger TX path; availability-only impact via kernel panic; no confidentiality or integrity loss.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 06, 2026 - 20:44 vuln.today
CVSS changed
Jul 06, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:41 nvd
MEDIUM 5.5
CVE Published
Jun 26, 2026 - 19:41 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr()

Move the NULL check for 'sta' before dereferencing it to prevent a possible crash.

AnalysisAI

NULL pointer dereference in the Linux kernel's mt76/mt7925 WiFi driver crashes the kernel when the 'sta' pointer is dereferenced before a NULL check in mt7925_tx_check_aggr(). Systems with MediaTek mt7925 WiFi hardware running affected kernel versions are exposed to a local denial-of-service via kernel panic. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local shell on mt7925 system
Delivery
Load or confirm mt7925 driver active
Exploit
Trigger TX aggregation path
Execution
Dereference NULL 'sta' pointer
Persist
Kernel panic
Impact
System crash (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) local access with low-privilege user credentials (PR:L per CVSS vector); (2) target system must have MediaTek mt7925 WiFi hardware with the mt7925 driver loaded and active; (3) kernel version must fall within the affected commit range post-44eb173bdd4f1775e13fce483d9e44ea8929717f and prior to the respective stable-branch fix commits. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk is limited despite the High availability impact in the CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with a standard shell account on a laptop equipped with a MediaTek mt7925 WiFi adapter triggers a transmit path operation - such as sustained high-throughput traffic or a rapid connect/disconnect cycle - that causes a NULL 'sta' pointer to reach mt7925_tx_check_aggr(). The kernel dereferences the pointer, generating a NULL pointer exception that results in a kernel panic and immediate system reboot or hang. …
Remediation Update to a patched stable kernel release: Linux 6.12.91, 6.18.33, 7.0.10, or 7.1. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53318 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy