Linux Kernel Wi-Fi MT76 MT7915 Hardware Restart List Corruption Vulnerability

A vulnerability in the Linux kernel's Wi-Fi MT76 MT7915 driver can lead to list corruption after a hardware restart. When the hardware is restarted, the driver recreates station entries from scratch. However, if the associated lists for the Wireless Client IDs (WCIDs) are not cleared beforehand, it can cause corruption. The vulnerability arises because WCID entries can be added to lists before they are ready, leading to potential inconsistencies.

Impact

The vulnerability can cause list corruption, which may disrupt the normal operation of the Wi-Fi driver and potentially lead to incorrect handling of wireless client connections.

Reproduction

The vulnerability can be reproduced by triggering a hardware restart in the Wi-Fi MT76 MT7915 driver without clearing the associated WCID lists first. This can be done by initiating a full system reset while the driver is actively managing station entries, which will cause the driver to recreate the entries without properly resetting the WCID lists, leading to corruption.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can apply the latest updates from the Linux kernel stable repository to mitigate this issue.