CVE-2026-23315
Published: 25 March 2026
Summary
CVE-2026-23315 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 3.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the OOB access vulnerability by requiring timely application of kernel patches that add frame length validation in the mt76 WiFi driver.
Enforces validation of information inputs such as WiFi management frame lengths to prevent OOB reads in the mt76_connac2_mac_write_txwi_80211 function.
Provides kernel memory protections like address space layout randomization to mitigate impacts of OOB memory access in the WiFi driver.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OOB read enables local memory disclosure (T1005) and system crash/DoS via kernel driver flaw (T1499.004); local attack vector with no direct priv esc or remote exploitation.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt76_connac2_mac_write_txwi_80211 in order to avoid a possible oob access. [fix check to also…
more
cover mgmt->u.action.u.addba_req.capab, correct Fixes tag]
Deeper analysisAI
CVE-2026-23315 is a vulnerability in the Linux kernel's mt76 WiFi driver, specifically within the mt76_connac2_mac_write_txwi_80211() function. It stems from a lack of frame length validation before accessing management frame fields, enabling a possible out-of-bounds (OOB) read, classified under CWE-125. The issue was published on 2026-03-25 and carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), highlighting high impacts on confidentiality and availability.
A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. By triggering the faulty function, the attacker can achieve high confidentiality impact through unauthorized access to sensitive memory contents and high availability impact via system crashes or denial of service, without affecting integrity.
Mitigation requires applying upstream patches from the Linux kernel stable repositories, as detailed in commits such as 0fb3b94a9431a3800717e5c3b6fa2e1045a15029, 4e10a730d1b511ff49723371ed6d694dd1b2c785, 7ae7b093b7dba9548a3bc4766b9364b97db4732d, 7b692dff8df0ba5feb8df00f27d906d6eb1fe627, and 84419556359bc96d3fe1623d47a64c86542566cc. These fixes introduce frame length checks prior to accessing management fields, including coverage for mgmt->u.action.u.addba_req.capab, to prevent the OOB access.
Details
- CWE(s)