Linux Kernel Out-of-Bounds Access Vulnerability in Wi-Fi MT76 MT7996 Driver

A vulnerability allowing out-of-bounds access has been identified in the Linux kernel's Wi-Fi MT76 MT7996 driver. This issue arises in the 'mt7996_mac_write_txwi_80211' function, where management fields are accessed without proper frame length validation. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a Wi-Fi action frame that triggers the 'mt7996_mac_write_txwi_80211' function. The frame must be crafted to include management fields that exceed the expected length, bypassing the driver's length checks and causing an out-of-bounds access.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.