Linux Kernel WiFi MT76 MT7921 Buffer Length Underflow Vulnerability

A buffer length underflow vulnerability has been identified in the Linux kernel's WiFi MT76 MT7921 driver. This issue arises when the buffer length is used to limit iterations for retrieving country power settings. Under certain conditions, changes in the power table can cause the buffer length to underflow, leading to an almost infinite loop or an invalid power setting. This ultimately results in a failure to initialize the driver.

Impact

Exploitation of this vulnerability causes the driver to fail during initialization, which can disrupt WiFi functionality on the affected device.

Reproduction

The vulnerability can be reproduced by modifying the power table in a way that triggers the buffer length underflow. This can be done by introducing changes that affect the country power settings, causing the buffer length to underflow during the retrieval process. As a result, the driver enters an infinite loop or receives an invalid power setting, leading to a failure in initialization.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel Git repository.