GHSA-jp54-xjfc-9fqxunknown

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix...

Published
June 24, 2026
Last Modified
June 24, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync

roc_abort_sync() can deadlock with roc_work(). roc_work() holds dev->mt76.mutex, while cancel_work_sync() waits for roc_work() to finish. If the caller already owns the same mutex, both sides block and no progress is possible.

This deadlock can occur during station removal when mt76_sta_state() -> mt76_sta_remove() -> mt7925_mac_sta_remove_link() -> mt7925_mac_link_sta_remove() -> mt7925_roc_abort_sync() invokes cancel_work_sync() while roc_work() is still running and holding dev->mt76.mutex.

This avoids the mutex deadlock and preserves exactly-once work ownership.

🔗 References (5)