CVE-2026-23315 PUBLISHED

wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()

Assigner: Linux
Reserved: 13.01.2026 Published: 25.03.2026 Updated: 25.03.2026

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()

Check frame length before accessing the mgmt fields in mt76_connac2_mac_write_txwi_80211 in order to avoid a possible oob access.

[fix check to also cover mgmt->u.action.u.addba_req.capab, correct Fixes tag]

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 577dbc6c656da6997dddc6cf842b7954588f2d4e to 84419556359bc96d3fe1623d47a64c86542566cc (excl.)
  • affected from 577dbc6c656da6997dddc6cf842b7954588f2d4e to 7ae7b093b7dba9548a3bc4766b9364b97db4732d (excl.)
  • affected from 577dbc6c656da6997dddc6cf842b7954588f2d4e to 7b692dff8df0ba5feb8df00f27d906d6eb1fe627 (excl.)
  • affected from 577dbc6c656da6997dddc6cf842b7954588f2d4e to 9612d91f617231e03c49cb9b0c02f975a3b4f51f (excl.)
  • affected from 577dbc6c656da6997dddc6cf842b7954588f2d4e to 0fb3b94a9431a3800717e5c3b6fa2e1045a15029 (excl.)
  • affected from 577dbc6c656da6997dddc6cf842b7954588f2d4e to 4e10a730d1b511ff49723371ed6d694dd1b2c785 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 5.10 is affected
  • unaffected from 0 to 5.10 (excl.)
  • unaffected from 6.1.167 to 6.1.* (incl.)
  • unaffected from 6.6.130 to 6.6.* (incl.)
  • unaffected from 6.12.77 to 6.12.* (incl.)
  • unaffected from 6.18.17 to 6.18.* (incl.)
  • unaffected from 6.19.7 to 6.19.* (incl.)
  • unaffected from 7.0-rc3 to * (incl.)

References