CVE-2026-23325
Published: 25 March 2026
Summary
CVE-2026-23325 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212); ranked at the 3.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the CVE by requiring timely identification, testing, and installation of kernel patches that add frame length checks to prevent OOB access.
Mandates validation of frame length inputs to the mt7996_mac_write_txwi_80211 function, directly preventing the OOB read by ensuring inputs are within acceptable ranges before processing.
Provides memory protections that limit the impact of OOB reads in kernel space, reducing potential confidentiality breaches and availability disruptions from sensitive memory disclosure or crashes.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OOB kernel memory read enables credential disclosure via exploitation (T1212); crafted frames can also crash the system for DoS (T1499.004).
NVD Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7996_mac_write_txwi_80211 in order to avoid a possible oob access.
Deeper analysisAI
CVE-2026-23325 is a vulnerability in the Linux kernel's mt76 WiFi driver, specifically affecting the mt7996 chipset implementation. The issue resides in the mt7996_mac_write_txwi_80211 function, where a failure to check the frame length before accessing management fields can lead to an out-of-bounds (OOB) read, corresponding to CWE-125. This flaw has a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating high severity due to potential confidentiality and availability impacts.
Local attackers with low privileges can exploit this vulnerability by triggering the affected function with a crafted frame, resulting in an OOB access. Successful exploitation could disclose sensitive kernel memory (high confidentiality impact) and cause a denial of service through system crash or instability (high availability impact), without requiring user interaction or elevated privileges beyond local access.
Mitigation is available through kernel patches referenced in stable repository commits, including checks for frame length prior to accessing management fields in mt7996_mac_write_txwi_80211. Security practitioners should apply these updates from the provided git.kernel.org stable commits to affected Linux kernel versions incorporating the mt76 mt7996 driver.
Details
- CWE(s)