FKIE_CVE-2026-46136

Vulnerability from fkie_nvd - Published: 2026-05-28 10:16 - Updated: 2026-05-28 13:44
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix a potential clc buffer length underflow The buf_len is used to limit the iterations for retrieving the country power setting and may underflow under certain conditions due to changes in the power table in CLC. This underflow leads to an almost infinite loop or an invalid power setting resulting in driver initialization failure.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/0aa63d33742b805d1a218d18d12b983cce4b2f7b
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5373f8b19e568b5c217832b9bbef165bd2b2df14
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/90cc573fd2f46ddbc2c329e7814b5ba3deb7b939
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a0111847f0b4f6023f6dd320114697514e024ba3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/e451c325b000b9a0081fd93bc6d103d6943d4b55
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921: fix a potential clc buffer length underflow\n\nThe buf_len is used to limit the iterations for retrieving the country\npower setting and may underflow under certain conditions due to changes\nin the power table in CLC.\n\nThis underflow leads to an almost infinite loop or an invalid power\nsetting resulting in driver initialization failure."
    }
  ],
  "id": "CVE-2026-46136",
  "lastModified": "2026-05-28T13:44:01.663",
  "metrics": {},
  "published": "2026-05-28T10:16:29.160",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0aa63d33742b805d1a218d18d12b983cce4b2f7b"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5373f8b19e568b5c217832b9bbef165bd2b2df14"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/90cc573fd2f46ddbc2c329e7814b5ba3deb7b939"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/a0111847f0b4f6023f6dd320114697514e024ba3"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/e451c325b000b9a0081fd93bc6d103d6943d4b55"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.