Integer Underflow in Linux Kernel Affects Wireless MT7601U Driver
CVE-2023-53679

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 7 October 2025

What is CVE-2023-53679?

The Linux kernel's MT7601U wireless driver contains an integer underflow. When the dma_len value in a URB packet is manipulated, the seg_len derived from it underflows. As a result, critical checks within the mt7601u_rx_skb_from_seg() function can be bypassed, potentially leading to a null pointer dereference. To prevent this, the driver must ensure that dma_len is always greater than min_seg_len. The vulnerability was discovered using a modified version of syzkaller.
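A user-space model of the arithmetic described above, added here as an illustration and not taken from the kernel source. The function names, the MIN_SEG_LEN value and the sample buffers are assumptions; only dma_len, seg_len and min_seg_len mirror names used on this page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical size for this model, not the driver's real constant. */
#define MIN_SEG_LEN 32u /* fixed headers every segment must carry */

/* Constructed sample segments: 16-bit little-endian dma_len, zero padding. */
static const uint8_t short_seg[64] = { 0x08, 0x00 }; /* dma_len = 8  */
static const uint8_t valid_seg[64] = { 0x30, 0x00 }; /* dma_len = 48 */

static uint16_t read_dma_len(const uint8_t *data)
{
    return (uint16_t)(data[0] | (data[1] << 8));
}

/* "Before": checks only that the segment is non-empty and fits the buffer. */
static uint32_t seg_len_unchecked(const uint8_t *data, uint32_t data_len)
{
    uint16_t dma_len = read_dma_len(data);
    if (dma_len == 0 || dma_len > data_len)
        return 0;
    return dma_len;
}

/* "After": also rejects dma_len below MIN_SEG_LEN so nothing can wrap. */
static uint32_t seg_len_checked(const uint8_t *data, uint32_t data_len)
{
    if (read_dma_len(data) < MIN_SEG_LEN)
        return 0;
    return seg_len_unchecked(data, data_len);
}

/* Bytes left after the headers; unsigned, so it wraps instead of going negative. */
static uint32_t payload_len(uint32_t seg_len)
{
    return seg_len - MIN_SEG_LEN;
}

/* Downstream bounds check that a wrapped payload length defeats. */
static bool frame_fits(uint32_t frame_len, uint32_t seg_len)
{
    return frame_len != 0 && frame_len <= payload_len(seg_len);
}

int main(void)
{
    uint32_t s = seg_len_unchecked(short_seg, 64);
    printf("before: seg_len=%u payload_len=%u\n", s, payload_len(s));
    printf("after: %u %u\n", seg_len_checked(short_seg, 64), seg_len_checked(valid_seg, 64));
    return 0;
}
```

A return value of 0 from either length function means "reject the segment"; callers must stop there rather than pass it on to payload_len().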

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 67e4519afba215199b6dfa39ce5d7ea673ee4138

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 47dc1f425af57b71111d7b01ebd24e04e8d967ef

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1a1f43059afae5cc9409e0c3bc63bfc09bc8facb

Timeline

  • Vulnerability published

  • Vulnerability Reserved
