Linux Kernel Out-of-Bounds Access Vulnerability in Wi-Fi MT76 MT7925 Driver

A vulnerability allowing out-of-bounds access has been identified in the Linux kernel's Wi-Fi MT76 MT7925 driver. This issue arises in the function 'mt7925_mac_write_txwi_80211', where management fields are accessed without proper frame length validation. The vulnerability affects several versions of the Linux kernel.

Impact

The out-of-bounds access could potentially lead to memory corruption or unauthorized access to sensitive data.

Reproduction

The vulnerability can be reproduced by sending a Wi-Fi action frame that triggers the 'mt7925_mac_write_txwi_80211' function. The frame must be crafted to include management fields that exceed the expected length, exploiting the lack of proper length checks before the fields are accessed.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. The specific commit that resolves this issue is 'c41a9abd6ae31d130e8f332e7c8800c4c866234b', available in the Linux kernel stable tree.