CVE-2024-46860: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
When disabling wifi mt7921_ipv6_addr_change() is called as a notifier.
At this point mvif->phy is already NULL so we cannot use it here.
Security readout for executives and security teams
Plain-English summary
This is a Linux kernel Wi-Fi driver crash-class bug tied to MediaTek MT7921 support. When Wi-Fi is being disabled, kernel code may access a NULL pointer because a related driver structure has already been cleared. Business impact is most likely endpoint or device instability, not confirmed compromise.
Executive priority
Treat this as routine but time-bound kernel maintenance for affected endpoints. It does not justify emergency response from the supplied evidence, but recurring endpoint crashes can affect operations and should be removed through normal patch cycles.
Technical view
CVE-2024-46860 affects the Linux mt76 mt7921 driver path mt7921_ipv6_addr_change(). During Wi-Fi disable handling, the notifier can run after mvif->phy is NULL, causing NULL pointer access. The source says the vulnerability has been resolved in Linux stable commits, but provides no CVSS, CWE, or detailed distro mapping.
Likely exposure
Exposure is likely limited to Linux systems using the mt76/mt7921 MediaTek Wi-Fi driver and affected kernel builds. Servers, VMs, and appliances without that hardware or driver path are unlikely to be exposed. The supplied version data is incomplete for precise distribution-level impact.
Exploitation context
The bundle does not show active exploitation, public exploit evidence, or CISA KEV listing. The described condition occurs when Wi-Fi is disabled, suggesting a local or device-state-triggered reliability issue. No remote attack path is established in the provided sources.
Researcher notes
Evidence supports a NULL pointer dereference in the mt7921 IPv6 address change notifier during Wi-Fi teardown. Severity and exploitation remain unclear because the CVE record provides no CVSS, CWE, exploit status, or complete downstream version mapping.
Mitigation direction
Apply Linux vendor kernel updates that include the referenced stable fixes.
Prioritize laptops and endpoints with MediaTek MT7921 Wi-Fi hardware.
Track distribution advisories for exact package names and fixed versions.
For unmanaged devices, confirm kernel builds include the stable commit fixes.
Validation and detection
Inventory Linux systems with MediaTek MT7921 or mt76 driver usage.
Map running kernel packages to vendor advisories or stable commit inclusion.
Review kernel logs for related NULL pointer or Wi-Fi disable crashes.
Confirm updated kernels boot and Wi-Fi disable paths no longer crash.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-46860 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.