Skip to main content

Linux EUVDEUVD-2026-15261

| CVE-2026-23315 HIGH
Out-of-bounds Read (CWE-125)
2026-03-25 Linux
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
SUSE
5.2 MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 23, 2026 - 21:11 vuln.today
cvss_changed
CVSS changed
Apr 23, 2026 - 21:11 NVD
7.1 (HIGH)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15261
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()

Check frame length before accessing the mgmt fields in mt76_connac2_mac_write_txwi_80211 in order to avoid a possible oob access.

[fix check to also cover mgmt->u.action.u.addba_req.capab, correct Fixes tag]

AnalysisAI

An out-of-bounds (OOB) memory access vulnerability exists in the Linux kernel's mt76 WiFi driver, specifically in the mt76_connac2_mac_write_txwi_80211() function which fails to validate frame length before accessing management frame fields. This affects all Linux kernel versions containing the vulnerable mt76 driver code and could allow an attacker to read sensitive kernel memory or trigger a denial of service through a specially crafted WiFi management frame. The vulnerability has been patched across multiple stable kernel branches with fixes available since the issue was identified.

Technical ContextAI

The vulnerability resides in the MediaTek mt76 WiFi driver (part of the Linux kernel), a component responsible for handling 802.11 wireless communications on systems using MediaTek chipsets. The vulnerable function mt76_connac2_mac_write_txwi_80211() processes WiFi management frames without adequately checking frame length boundaries before accessing nested structure fields such as mgmt->u.action.u.addba_req.capab (ADDBA Request capability fields). This represents a classic buffer over-read condition where the driver assumes sufficient data exists in the frame buffer without validation. The root cause is categorized as improper input validation (CWE-20 class vulnerability). Affected systems include any Linux distribution running kernels with the mt76 driver enabled and MediaTek WiFi hardware in use.

RemediationAI

Immediately update the Linux kernel to a version that includes one of the six available patches from the stable kernel branches (commit hashes: 84419556359bc96d3fe1623d47a64c86542566cc, 7ae7b093b7dba9548a3bc4766b9364b97db4732d, 7b692dff8df0ba5feb8df00f27d906d6eb1fe627, 9612d91f617231e03c49cb9b0c02f975a3b4f51f, 0fb3b94a9431a3800717e5c3b6fa2e1045a15029, 4e10a730d1b511ff49723371ed6d694dd1b2c785). Contact your Linux distribution vendor for backported kernel updates to stable releases. Until patching is possible, consider disabling the mt76 driver module if not actively required (modprobe -r mt76) or restricting WiFi network access by operating in a shielded environment. No known workarounds exist that maintain full WiFi functionality without patching.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15261 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy