CVE-2026-23363
Published: 25 March 2026
Summary
CVE-2026-23363 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Credential Access (T1212); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-23363 is a vulnerability in the Linux kernel's mt76 WiFi driver, specifically affecting the mt7925 component. It stems from a failure to check frame length before accessing management fields in the mt7925_mac_write_txwi_80211() function, potentially leading to an out-of-bounds (OOB) read, as classified under CWE-125. The issue carries a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H), indicating high impact on confidentiality and availability.
A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows reading sensitive data beyond allocated bounds and potentially causing denial of service through system crashes or instability, though integrity impacts are not present.
Mitigation is provided through upstream Linux kernel patches available in stable repositories, including commits such as 22a6419a8b955df81082285543be3e61816c49b5, 2831a8c574545101e6d0df50785fccb16474eb3c, 3356464e50e1ee15ba3c324ef6cc5a475c2e96e4, and c41a9abd6ae31d130e8f332e7c8800c4c866234b. These fixes add frame length validation before accessing the relevant management fields in mt7925_mac_write_txwi_80211() to prevent the OOB access. Security practitioners should ensure systems with mt7925 hardware update to kernels incorporating these commits.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-15343
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() Check frame length before accessing the mgmt fields in mt7925_mac_write_txwi_80211 in order to avoid a possible oob access.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OOB read in kernel driver directly enables local memory disclosure (credential access) and system crashes (DoS via exploitation).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely application of upstream Linux kernel patches remediates the missing frame length check, directly preventing OOB access in mt7925_mac_write_txwi_80211().
Enforces validation of information inputs such as frame lengths in the WiFi driver to prevent out-of-bounds reads classified as CWE-125.
Implements kernel memory protections like ASLR to mitigate data leakage and availability impacts from OOB reads in the mt7925 driver.