CVE-2026-43110
Awaiting Analysis Awaiting Analysis - Queue
Buffer Overflow in Linux Kernel WiFi Driver

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index before it touches drvr->iflist[], but it still uses the raw bsscfgidx field as an array index without a matching range check. Reject IF events whose bsscfg index does not fit in drvr->iflist[] before indexing the interface array. [add missing wifi prefix]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43110
EUVD
EUVD-2026-27630
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
brcm brcmfmac *
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's wifi driver brcmfmac. Specifically, the function brcmf_fweh_handle_if_event() does not properly validate the bsscfg index before using it as an array index. Although it validates the firmware-provided interface index before accessing the iflist array, it still uses the raw bsscfgidx field without a proper range check. This can lead to improper indexing of the interface array.


How can this vulnerability impact me? :

Improper validation of the bsscfg index could potentially lead to out-of-bounds array access in the wifi driver. This might cause unexpected behavior such as crashes, memory corruption, or other stability issues in the Linux kernel's wifi subsystem.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart