SB20260325147 - Out-of-bounds write in Linux kernel mediatek mt76 driver
Published: March 25, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-23315)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the mt76_connac2_mac_write_txwi_80211 function when handling Wi-Fi management frames. A remote attacker can send a specially crafted 802.11 frame with an undersized payload to trigger an out-of-bounds write access.
Exploitation does not require authentication or user interaction.
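The kind of length validation whose absence is described above, as an added user-space illustration in C (not the mt76 driver's code and not the upstream patch): a parser that confirms the frame is long enough before reading any field past the 24-byte 802.11 management header. The choice of an action frame with its category and action-code bytes, all names, and the sample frames are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 802.11 management header: frame control (2), duration (2),
 * three addresses (18), sequence control (2). */
#define MGMT_HDR_LEN     24u
#define FC0_TYPE_MASK    0x0cu  /* type bits of frame-control byte 0 */
#define FC0_STYPE_MASK   0xf0u  /* subtype bits of frame-control byte 0 */
#define FC0_STYPE_ACTION 0xd0u  /* management subtype 13 (action) */

enum { PARSE_OK = 0, PARSE_NOT_ACTION = 1, PARSE_TOO_SHORT = -1 };

/* Hypothetical names: the body fields this example reads. */
struct action_info { uint8_t category; uint8_t action_code; };

/* Fills *out only if every byte read lies inside buf[0..len). */
int parse_action_frame(const uint8_t *buf, size_t len, struct action_info *out)
{
    if (len < 2)                     /* frame control must be present */
        return PARSE_TOO_SHORT;
    if ((buf[0] & FC0_TYPE_MASK) != 0 ||
        (buf[0] & FC0_STYPE_MASK) != FC0_STYPE_ACTION)
        return PARSE_NOT_ACTION;
    /* The check an undersized frame must fail: header plus the two
     * body bytes read below. Without it, buf[24] and buf[25] would be
     * accessed past the end of a short buffer. */
    if (len < MGMT_HDR_LEN + 2)
        return PARSE_TOO_SHORT;
    out->category = buf[MGMT_HDR_LEN];
    out->action_code = buf[MGMT_HDR_LEN + 1];
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample frame, not captured traffic. */
    uint8_t full[26] = { 0xd0 };
    struct action_info ai = { 0, 0 };
    full[24] = 3; full[25] = 0;
    printf("full frame:    %d\n", parse_action_frame(full, sizeof full, &ai));
    printf("header only:   %d\n", parse_action_frame(full, 24, &ai));
    printf("one body byte: %d\n", parse_action_frame(full, 25, &ai));
    return 0;
}
```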
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0fb3b94a9431a3800717e5c3b6fa2e1045a15029
- https://git.kernel.org/stable/c/4e10a730d1b511ff49723371ed6d694dd1b2c785
- https://git.kernel.org/stable/c/7ae7b093b7dba9548a3bc4766b9364b97db4732d
- https://git.kernel.org/stable/c/7b692dff8df0ba5feb8df00f27d906d6eb1fe627
- https://git.kernel.org/stable/c/84419556359bc96d3fe1623d47a64c86542566cc
- https://git.kernel.org/stable/c/9612d91f617231e03c49cb9b0c02f975a3b4f51f