Cyber Resilience

CVE-2026-23363

High

Published: 25 March 2026

Published
25 March 2026
Modified
24 April 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score 0.0002 4.8th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-23363 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-23363 is a vulnerability in the Linux kernel's mt76 WiFi driver, specifically affecting the mt7925 component. It stems from a failure to check frame length before accessing management fields in the mt7925_mac_write_txwi_80211() function, potentially leading to an out-of-bounds (OOB) read, as classified under CWE-125. The issue carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating high impact on confidentiality and availability.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows reading sensitive data beyond allocated bounds and potentially causing denial of service through system crashes or instability, though integrity impacts are not present.

Mitigation is provided through upstream Linux kernel patches available in stable repositories, including commits such as 22a6419a8b955df81082285543be3e61816c49b5, 2831a8c574545101e6d0df50785fccb16474eb3c, 3356464e50e1ee15ba3c324ef6cc5a475c2e96e4, and c41a9abd6ae31d130e8f332e7c8800c4c866234b. These fixes add frame length validation before accessing the relevant management fields in mt7925_mac_write_txwi_80211() to prevent the OOB access. Security practitioners should ensure systems with mt7925 hardware update to kernels incorporating these commits.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7925_mac_write_txwi_80211 in order to avoid a possible oob access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

OOB read in kernel driver directly enables local memory disclosure (credential access) and system crashes (DoS via exploitation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21743Same product: Linux Linux Kernel
CVE-2026-31774Same product: Linux Linux Kernel
CVE-2026-23325Same product: Linux Linux Kernel
CVE-2025-21815Same product: Linux Linux Kernel
CVE-2026-31779Same product: Linux Linux Kernel
CVE-2026-43051Same product: Linux Linux Kernel
CVE-2026-23269Same product: Linux Linux Kernel
CVE-2026-31568Same product: Linux Linux Kernel
CVE-2026-43042Same product: Linux Linux Kernel
CVE-2026-23204Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.7, 7.0 · 6.7.1 — 6.12.77 · 6.13 — 6.18.17 · 6.19 — 6.19.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely application of upstream Linux kernel patches remediates the missing frame length check, directly preventing OOB access in mt7925_mac_write_txwi_80211().

prevent

Enforces validation of information inputs such as frame lengths in the WiFi driver to prevent out-of-bounds reads classified as CWE-125.

prevent

Implements kernel memory protections like ASLR to mitigate data leakage and availability impacts from OOB reads in the mt7925 driver.

References