Skip to main content

Linux EUVDEUVD-2026-15278

| CVE-2026-23325 HIGH
Out-of-bounds Read (CWE-125)
2026-03-25 Linux GHSA-ghwv-vcf8-g6g9
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
SUSE
5.2 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 23, 2026 - 21:27 vuln.today
cvss_changed
CVSS changed
Apr 23, 2026 - 21:27 NVD
7.1 (HIGH)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15278
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()

Check frame length before accessing the mgmt fields in mt7996_mac_write_txwi_80211 in order to avoid a possible oob access.

AnalysisAI

An out-of-bounds (OOB) memory access vulnerability exists in the Linux kernel's MediaTek MT7996 WiFi driver (mt76) within the mt7996_mac_write_txwi_80211() function. The vulnerability occurs when the function accesses management frame fields without first validating the frame length, potentially allowing information disclosure or denial of service on systems using affected MT7996 hardware. Multiple stable kernel patches are available across several kernel versions, indicating the issue has been actively remediated in the upstream Linux project.

Technical ContextAI

The vulnerability resides in the mt76 WiFi driver stack, specifically in the MediaTek MT7996 chipset implementation. The affected function mt7996_mac_write_txwi_80211() is responsible for writing transmit word index (TXWI) information for 802.11 management frames. The root cause is a missing bounds check (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) before accessing management frame fields from a skb (socket buffer) structure. The mt76 driver is part of the Linux kernel networking subsystem (CPE: cpe:2.3:a:linux:linux), which affects all distributions and embedded systems running vulnerable kernel versions. Without proper frame length validation, an attacker who can craft malicious 802.11 frames could trigger out-of-bounds memory reads, potentially leaking sensitive kernel memory or causing kernel panics.

RemediationAI

Apply the upstream Linux kernel patch by upgrading to a kernel version that includes one of the five referenced remediation commits. Users should check with their Linux distribution for backported patches in their stable kernel update channels. For systems unable to immediately upgrade, network-level mitigations include: disabling or limiting 802.11 management frame processing when not required, restricting WiFi radio reception to known secure networks, and implementing strict wireless network access controls to prevent reception of crafted frames from untrusted sources. Distributions should prioritize backporting the fix to all supported LTS (Long-Term Support) kernel branches, particularly those powering embedded systems and wireless infrastructure. Monitor kernel.org and your distribution's security advisories for official patched releases and apply updates at the earliest maintenance window.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15278 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy