Skip to main content

Linux Kernel iwlwifi EUVDEUVD-2026-28609

| CVE-2026-43325 MEDIUM
2026-05-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-hhhc-p289-ww9x
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 18:23 vuln.today
CVSS changed
May 15, 2026 - 18:22 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 15:02 EUVD
CVE Published
May 08, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: don't send a 6E related command when not supported

MCC_ALLOWED_AP_TYPE_CMD is related to 6E support. Do not send it if the device doesn't support 6E. Apparently, the firmware is mistakenly advertising support for this command even on AX201 which does not support 6E and then the firmware crashes.

AnalysisAI

A firmware crash in Linux kernel's iwlwifi driver (versions 6.9 through 7.0-rc7) occurs when the AX201 Wi-Fi adapter incorrectly receives a 6GHz-related command (MCC_ALLOWED_AP_TYPE_CMD) despite lacking 6E support. This triggers a local denial of service (CVSS 5.5, AV:L) requiring low privileges. Vendor patches are available across stable branches (6.18.22, 6.19.12, 7.0). EPSS score of 0.02% (4th percentile) indicates minimal real-world exploitation risk, with no active exploitation or public POC identified. Priority for systems using Intel AX201 adapters where local users could trigger system instability.

Technical ContextAI

The vulnerability exists in the iwlwifi Media Vendor Commands (MVM) driver component responsible for Intel wireless chipset management in Linux. The issue stems from a firmware capability advertisement mismatch where AX201 devices (which support Wi-Fi 6/802.11ax but NOT Wi-Fi 6E/6GHz operation) incorrectly advertise support for the MCC_ALLOWED_AP_TYPE_CMD command. This command is specifically designed for 6GHz band regulation and Multi-Country Code management in 6E-capable devices. When the kernel driver sends this command to non-6E firmware, it triggers an unhandled exception causing firmware crash and adapter failure. The affected code path is in the regulatory domain initialization logic where the driver queries device capabilities but fails to validate 6E support before issuing 6E-specific commands. CPE data confirms impact across Linux kernel 6.9 through 7.0 release candidates, with specific commit range starting from 0d2fc8821a7d667180ce27732697105db843a1b9.

RemediationAI

Apply vendor-supplied kernel patches immediately: upgrade to Linux kernel 6.18.22 or later for 6.18.x series, 6.19.12 or later for 6.19.x series, or 7.0 stable release when available. Patches are available via upstream commits 323156c3541e23da7e582008a7ac30cd51b60acd, 6607d0e58ceca997816122568ce54db9e134edab, and c0b3fa5e0eaecd38e6a9f8f78e86f468fbde719a (see https://git.kernel.org/stable/c/323156c3541e23da7e582008a7ac30cd51b60acd and related links). The fix adds capability checking to prevent sending MCC_ALLOWED_AP_TYPE_CMD to devices without 6E support. If immediate patching is not feasible, temporary mitigation on systems with AX201 adapters includes: (1) blacklisting the iwlmvm kernel module and using alternative network connectivity (Ethernet, USB Wi-Fi), though this completely disables built-in wireless - acceptable for wired-primary deployments but impacts mobile/wireless-dependent systems; (2) restricting unprivileged user access to wireless configuration via udev rules and capability restrictions, reducing attack surface but not eliminating risk from users with legitimate network management privileges. These workarounds trade wireless functionality or usability for stability and should be considered temporary only.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28609 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy