Linux Kernel mt76 Monitor Mode Crash Vulnerability in mt7921s Driver

Vulnerability

A vulnerability in the Linux kernel's mt76 subsystem, specifically within the mt7921s driver, can lead to a crash in monitor mode. This issue arises when the driver receives frames with fragment buffers, particularly a CTS packet that is only 10 bytes long. The packet requires 6 bytes of header padding after the RXD buffer. However, the RXD is only in the first linear buffer. Pulling the buffer size of RXD minus the size plus 6 bytes with skb_pull() triggers a kernel bug due to the length of the skb being less than the data length. This vulnerability can cause a kernel crash, as indicated by the 'BUG_ON' assertion failure.

Impact

Exploitation of this vulnerability leads to a kernel crash, causing a denial of service by interrupting normal system operations and potentially requiring a manual reboot to restore functionality.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel mt76 Monitor Mode Crash Vulnerability in mt7921s Driver

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating