-
CVE-2026-53097
- EPSS 0.17%
- Veröffentlicht 24.06.2026 16:30:35
- Zuletzt bearbeitet 24.06.2026 17:17:23
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7996: fix use-after-free bugs in mt7996_mac_dump_work()
When the mt7996 pci chip is detaching, the mt7996_crash_data is
released in mt7996_coredump_unregister(). However, the work item
dump_work may still be running or pending, leading to UAF bugs
when the already freed crash_data is dereferenced again in
mt7996_mac_dump_work().
The race condition can occur as follows:
CPU 0 (removal path) | CPU 1 (workqueue)
mt7996_pci_remove() | mt7996_sys_recovery_set()
mt7996_unregister_device() | mt7996_reset()
mt7996_coredump_unregister() | queue_work()
vfree(dev->coredump.crash_data) | mt7996_mac_dump_work()
| crash_data-> // UAF
Fix this by ensuring dump_work is properly canceled before
the crash_data is deallocated. Add cancel_work_sync() in
mt7996_unregister_device() to synchronize with any pending
or executing dump work.Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
878161d5d4a469a6ef7f3fb4fe9f676bc508ee99
Version <
180182a3f23ff79430a32ca2c4c1885368ceab48
Status
affected
Version
878161d5d4a469a6ef7f3fb4fe9f676bc508ee99
Version <
aa4a31cd89f4fde5043ac613fe0e27014a60a60b
Status
affected
Version
878161d5d4a469a6ef7f3fb4fe9f676bc508ee99
Version <
188e10f9ea3109d23c6b7643aa6ec2f5cb0faa6d
Status
affected
Version
878161d5d4a469a6ef7f3fb4fe9f676bc508ee99
Version <
c8f62f73bbced3a79894655bdb0b625462d956fc
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
6.4
Status
affected
Version
0
Version <
6.4
Status
unaffected
Version <=
6.12.*
Version
6.12.91
Status
unaffected
Version <=
6.18.*
Version
6.18.33
Status
unaffected
Version <=
7.0.*
Version
7.0.10
Status
unaffected
Version <=
*
Version
7.1
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.063 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|
https://git.kernel.org/stable/c/180182a3f23ff79430a32ca2c4c1885368ceab48
https://git.kernel.org/stable/c/aa4a31cd89f4fde5043ac613fe0e27014a60a60b
https://git.kernel.org/stable/c/188e10f9ea3109d23c6b7643aa6ec2f5cb0faa6d
https://git.kernel.org/stable/c/c8f62f73bbced3a79894655bdb0b625462d956fc