Linux Kernel Out-of-Bounds Access Vulnerability in Wi-Fi MT76 Driver

A vulnerability allowing out-of-bounds access has been identified in the Linux kernel's Wi-Fi MT76 driver, specifically within the function 'mt76_connac2_mac_write_txwi_80211'. This issue arises from insufficient checks on frame length before accessing management fields, which could lead to memory corruption.

Impact

Exploitation of this vulnerability could result in out-of-bounds memory access, potentially leading to memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a Wi-Fi action frame that includes a 'Add Block Ack Request' (ADDBA_REQ) action code. The frame must be crafted to exceed the minimum action size, allowing the management fields to be accessed without proper validation, thus triggering the out-of-bounds access.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.