CVE-2026-23172
📋 TL;DR
A buffer overflow vulnerability in the Linux kernel's t7xx WWAN driver could allow malicious or buggy modem firmware to cause kernel memory corruption by sending packets with excessive fragments. This affects systems using MediaTek T7xx 5G modems with vulnerable kernel versions. The vulnerability could lead to kernel crashes or undefined behavior.
💻 Affected Systems
- Linux kernel with MediaTek T7xx 5G modem driver (t7xx)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or potential arbitrary code execution in kernel context leading to complete system compromise.
Likely Case
Kernel crash or system instability when receiving malformed packets from modem firmware.
If Mitigated
No impact if patched or if modem firmware behaves correctly within protocol specifications.
🎯 Exploit Status
Exploitation requires control over modem firmware or ability to send malformed packets to the modem interface. No public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel versions containing the fix commits (2a0522f564acd34442652ea083091c329fa7c5d5 and related)
Vendor Advisory: https://git.kernel.org/stable/c/2a0522f564acd34442652ea083091c329fa7c5d5
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Rebuild kernel if using custom kernel with backported fix.
🔧 Temporary Workarounds
Disable t7xx driver
Linux: Unload the vulnerable t7xx driver if 5G modem functionality is not required
sudo rmmod mtk_t7xx
sudo modprobe -r mtk_t7xx
Blacklist driver
Linux: Prevent t7xx driver from loading at boot
echo 'blacklist mtk_t7xx' | sudo tee /etc/modprobe.d/blacklist-t7xx.conf
🧯 If You Can't Patch
- Isolate systems with T7xx modems from untrusted networks
- Monitor kernel logs for crash indicators related to t7xx driver
🔍 How to Verify
Check if Vulnerable:
Check whether the t7xx driver is loaded (lsmod | grep t7xx), and check the kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Verify kernel version includes fix commits OR test with proof-of-concept packet generation (not publicly available)
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- Oops messages mentioning t7xx, dpmaif, or skb fragments
- System crashes when modem is active
Network Indicators:
- Unusual modem packet patterns (difficult to detect without deep packet inspection)
SIEM Query:
source="kernel" AND ("t7xx" OR "dpmaif" OR "skb" OR "frag") AND ("panic" OR "Oops" OR "BUG")
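The SIEM query above matches single lines, but a kernel crash report spans many lines. The following added example (not part of the original advisory or of the kernel project) groups log lines into reports and flags those whose trace mentions t7xx or dpmaif; the function names, the "end trace" delimiter assumption and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: group kernel log lines into crash reports and flag the ones
# whose trace mentions the t7xx driver. Input: kernel log text on stdin
# (for instance the output of `dmesg` or `journalctl -k`).
# Output: "<first line number of report> <t7xx|other>" per report.
t7xx_crash_triage() {
    awk '
    function emit() {
        if (start) print start, (hit ? "t7xx" : "other")
        start = 0; hit = 0
    }
    # A report opens on a BUG/Oops/panic line (keywords from the SIEM query).
    /BUG:|Oops|Kernel panic/ { if (!start) start = NR }
    # "Modules linked in" names every loaded module, so it is not evidence
    # that the driver was on the faulting path; only other lines count.
    start && !/Modules linked in/ && /t7xx|dpmaif/ { hit = 1 }
    # Assumption: reports are closed by the usual "end trace" marker.
    start && /---\[ end trace/ { emit() }
    END { emit() }
    '
}

# Constructed sample log (function names and addresses are made up).
sample_log() {
    cat <<'EOF'
[  101.000001] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  101.000002] Oops: 0002 [#1] SMP
[  101.000003] Modules linked in: mtk_t7xx wwan
[  101.000004] RIP: 0010:sample_fs_fn+0x10/0x40
[  101.000005] ---[ end trace 0000000000000000 ]---
[  202.000001] BUG: unable to handle page fault for address: ffff888000000000
[  202.000002] Modules linked in: mtk_t7xx wwan
[  202.000003] RIP: 0010:sample_skb_fn+0x20/0x60
[  202.000004] Call Trace:
[  202.000005]  t7xx_dpmaif_sample_rx+0x55/0x90 [mtk_t7xx]
[  202.000006] ---[ end trace 0000000000000000 ]---
EOF
}

sample_log | t7xx_crash_triage
```

On a live system, pipe `journalctl -k` or `dmesg` output into `t7xx_crash_triage` in place of `sample_log`.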
🔗 References
- https://git.kernel.org/stable/c/2a0522f564acd34442652ea083091c329fa7c5d5
- https://git.kernel.org/stable/c/2c0fb0f60bc1545c52da61bc6bd4855c1e7814ba
- https://git.kernel.org/stable/c/af4b8577d0b388cc3d0039eb0cdd9ca5bbbc9276
- https://git.kernel.org/stable/c/f0813bcd2d9d97fdbdf2efb9532ab03ae92e99e6
- https://git.kernel.org/stable/c/f9747a7521a48afded5bff2faf1f2dcfff48c577