CVE-2026-23315

Summary

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()

Check frame length before accessing the mgmt fields in mt76_connac2_mac_write_txwi_80211 in order to avoid a possible oob access.

[fix check to also cover mgmt->u.action.u.addba_req.capab, correct Fixes tag]

Affected Software

VendorProductVersion RangeStatus
LinuxLinux577dbc6c656da6997dddc6cf842b7954588f2d4e < 84419556359bc96d3fe1623d47a64c86542566ccaffected
LinuxLinux577dbc6c656da6997dddc6cf842b7954588f2d4e < 7ae7b093b7dba9548a3bc4766b9364b97db4732daffected
LinuxLinux577dbc6c656da6997dddc6cf842b7954588f2d4e < 7b692dff8df0ba5feb8df00f27d906d6eb1fe627affected
LinuxLinux577dbc6c656da6997dddc6cf842b7954588f2d4e < 9612d91f617231e03c49cb9b0c02f975a3b4f51faffected
LinuxLinux577dbc6c656da6997dddc6cf842b7954588f2d4e < 0fb3b94a9431a3800717e5c3b6fa2e1045a15029affected
LinuxLinux577dbc6c656da6997dddc6cf842b7954588f2d4e < 4e10a730d1b511ff49723371ed6d694dd1b2c785affected
LinuxLinux5.10affected
LinuxLinux0 < 5.10unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.130 <= 6.6.*unaffected
LinuxLinux6.12.77 <= 6.12.*unaffected
LinuxLinux6.18.17 <= 6.18.*unaffected
LinuxLinux6.19.7 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References