CVE-2026-46136

EUVD-2026-32763
In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7921: fix a potential clc buffer length underflow

The buf_len is used to limit the iterations for retrieving the country
power setting and may underflow under certain conditions due to changes
in the power table in CLC.

This underflow leads to an almost infinite loop or an invalid power
setting resulting in driver initialization failure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.1.75 ≤
𝑥
< 6.1.175
linuxlinux_kernel
6.6.14 ≤
𝑥
< 6.6.140
linuxlinux_kernel
6.7.2 ≤
𝑥
< 6.12.88
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.30
linuxlinux_kernel
6.19 ≤
𝑥
< 7.0.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.176-1
fixed
bookworm (security)
6.1.176-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.259-1
fixed
forky
7.1.3-1
fixed
sid
7.1.3-1
fixed
trixie
6.12.94-1
fixed
trixie (security)
6.12.95-1
fixed
linux-6.1
bullseye (security)
6.1.176-1~deb11u1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
kernel
Azure Linux 3.0
0:6.6.141.1-1.azl3
fixed