-

CVE-2026-53098

wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7915: fix use-after-free bugs in mt7915_mac_dump_work()

When the mt7915 pci chip is detaching, the mt7915_crash_data is
released in mt7915_coredump_unregister(). However, the work item
dump_work may still be running or pending, leading to UAF bugs
when the already freed crash_data is dereferenced again in
mt7915_mac_dump_work().

The race condition can occur as follows:

CPU 0 (removal path)               | CPU 1 (workqueue)
mt7915_pci_remove()                | mt7915_sys_recovery_set()
 mt7915_unregister_device()        |  mt7915_reset()
  mt7915_coredump_unregister()     |   queue_work()
   vfree(dev->coredump.crash_data) | mt7915_mac_dump_work()
                                   |  crash_data-> // UAF

Fix this by ensuring dump_work is properly canceled before
the crash_data is deallocated. Add cancel_work_sync() in
mt7915_unregister_device() to synchronize with any pending
or executing dump work.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 4dbcb9125cc3e10a6d879c10e4f5816d05a87c49
Version < 6d5202409467d621b6d1dfd7fc7dadb997fe66d2
Status affected
Version 4dbcb9125cc3e10a6d879c10e4f5816d05a87c49
Version < e6856af8a22a8e2cd18241a465ed00c2301b3a5e
Status affected
Version 4dbcb9125cc3e10a6d879c10e4f5816d05a87c49
Version < 6b7cbb13c838cf2a5f2e7be0e96fe15250087939
Status affected
Version 4dbcb9125cc3e10a6d879c10e4f5816d05a87c49
Version < 21ce6d867867645fff0ef657be18f61d9f39dcd8
Status affected
Version 4dbcb9125cc3e10a6d879c10e4f5816d05a87c49
Version < 1146d0946b5358fad24812bd39d68f31cd40cc34
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.2
Status affected
Version 0
Version < 6.2
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.063
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/6d5202409467d621b6d1dfd7fc7dadb997fe66d2
https://git.kernel.org/stable/c/e6856af8a22a8e2cd18241a465ed00c2301b3a5e
https://git.kernel.org/stable/c/6b7cbb13c838cf2a5f2e7be0e96fe15250087939
https://git.kernel.org/stable/c/21ce6d867867645fff0ef657be18f61d9f39dcd8
https://git.kernel.org/stable/c/1146d0946b5358fad24812bd39d68f31cd40cc34