Bug 2492354 (CVE-2026-53103) - CVE-2026-53103 kernel: wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync
Summary: CVE-2026-53103 kernel: wifi: mt76: mt7925: fix potential deadlock in mt7925_r...
Keywords:
Status: NEW
Alias: CVE-2026-53103
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-24 18:07 UTC by OSIDB Bzimport
Modified: 2026-06-26 19:24 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-06-24 18:07:28 UTC
In the Linux kernel, the following vulnerability has been resolved:

wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync

roc_abort_sync() can deadlock with roc_work(). roc_work() holds
dev->mt76.mutex, while cancel_work_sync() waits for roc_work()
to finish. If the caller already owns the same mutex, both
sides block and no progress is possible.

This deadlock can occur during station removal when
mt76_sta_state() -> mt76_sta_remove() ->
mt7925_mac_sta_remove_link() -> mt7925_mac_link_sta_remove() ->
mt7925_roc_abort_sync() invokes cancel_work_sync() while
roc_work() is still running and holding dev->mt76.mutex.

This avoids the mutex deadlock and preserves exactly-once
work ownership.


Note You need to log in before you can comment on or make changes to this bug.