Skip to main content

Linux EUVDEUVD-2026-15343

| CVE-2026-23363 HIGH
Out-of-bounds Read (CWE-125)
2026-03-25 Linux GHSA-2cvc-xjmv-g6cj
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
SUSE
5.2 MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 24, 2026 - 18:52 vuln.today
cvss_changed
CVSS changed
Apr 24, 2026 - 18:52 NVD
7.1 (HIGH)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15343
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()

Check frame length before accessing the mgmt fields in mt7925_mac_write_txwi_80211 in order to avoid a possible oob access.

AnalysisAI

An out-of-bounds (OOB) memory access vulnerability exists in the Linux kernel's MediaTek MT7925 WiFi driver in the mt7925_mac_write_txwi_80211() function, which fails to validate frame length before accessing management frame fields. This vulnerability affects systems running Linux kernel versions with the vulnerable MT7925 driver code and could allow an attacker with local access or the ability to craft malicious wireless frames to read or write out-of-bounds memory, potentially leading to information disclosure or denial of service. While no CVSS score, EPSS data, or active exploitation reports are currently documented, the vulnerability has been patched across multiple stable Linux kernel branches as indicated by four distinct commit references.

Technical ContextAI

The vulnerability resides in the MediaTek MT7925 wireless driver (mt76), a Linux kernel subsystem responsible for managing MT7925-based WiFi hardware. The root cause is classified as an out-of-bounds access (OOB) vulnerability, likely falling under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) or CWE-125 (Out-of-bounds Read). The mt7925_mac_write_txwi_80211() function processes wireless management frames and writes transmit word index (TXWI) information without first validating that the frame is sufficiently long before accessing management-specific fields. The affected product is specified by CPE as Linux kernel versions containing this driver code (cpe:2.3:a:linux:linux), and the vulnerability was resolved through kernel patches merged into stable release branches, as evidenced by the four stable kernel commit hashes provided.

RemediationAI

Upgrade the Linux kernel to a version that includes the MT7925 driver fix, confirmed via the four stable kernel commits available at https://git.kernel.org/stable/ (commits 3356464e50e1ee15ba3c324ef6cc5a475c2e96e4, 2831a8c574545101e6d0df50785fccb16474eb3c, 22a6419a8b955df81082285543be3e61816c49b5, and c41a9abd6ae31d130e8f332e7c8800c4c866234b). Users should check their current kernel version using uname -r and verify that their distribution has included these patches in the latest available kernel update. For systems unable to immediately patch, minimize exposure by restricting wireless network access to trusted networks and disabling unnecessary wireless frame processing where possible, though these are temporary measures pending kernel update application.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15343 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy