CVE-2026-43113
Buffer Overflow in Linux Kernel WiFi Driver
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
| linux_kernel | wifi | wl1251 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's wifi driver for the wl1251 device. Specifically, the function wl1251_tx_packet_cb() uses a firmware completion ID to index into a fixed-size array of 16 entries called tx_frames[]. The completion ID is an unsigned 8-bit value obtained from the firmware, but the function does not verify whether this ID is within the valid range of the array before using it as an index.
Because the ID is not validated, it could lead to out-of-bounds access when indexing the tx_frames[] array. The fix involves rejecting any completion IDs that fall outside the valid range of the array, thereby preventing invalid memory access and maintaining the integrity of the completion flow.
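The range check described above, as an added user-space example; it is not the kernel's code or the upstream patch. The types dev_model, frame and tx_done, the return codes, and the sample completion IDs are assumptions constructed for illustration; only the 16-entry tx_frames[] array and the unsigned 8-bit ID come from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct frame { int len; };                          /* stand-in for a queued packet */
struct dev_model { struct frame *tx_frames[16]; };  /* 16 entries, per the page */
struct tx_done { uint8_t id; };                     /* completion record, id set by firmware */
enum { CB_OK = 0, CB_BAD_ID = -1, CB_NO_FRAME = -2 };

/* Completion handler with the range check the fix describes. */
static int tx_complete(struct dev_model *d, const struct tx_done *r,
                       struct frame **out)
{
    /* A uint8_t holds 0..255 but only 0..15 index the array; without
     * this test, ids 16..255 would read past the end of tx_frames[]. */
    if (r->id >= ARRAY_SIZE(d->tx_frames))
        return CB_BAD_ID;
    struct frame *f = d->tx_frames[r->id];
    if (f == NULL)                      /* in range, but nothing queued there */
        return CB_NO_FRAME;
    d->tx_frames[r->id] = NULL;         /* release the slot */
    *out = f;
    return CB_OK;
}

/* Feed constructed completion IDs through the handler and tally outcomes. */
static void run_constructed(int *ok, int *stale, int *bad)
{
    static struct frame a = { 64 }, b = { 128 };
    struct dev_model d = { { NULL } };
    const uint8_t ids[] = { 3, 3, 15, 16, 255 };    /* constructed sample input */
    struct frame *f;
    d.tx_frames[3] = &a;
    d.tx_frames[15] = &b;
    *ok = *stale = *bad = 0;
    for (size_t i = 0; i < ARRAY_SIZE(ids); i++) {
        struct tx_done r = { ids[i] };
        int rc = tx_complete(&d, &r, &f);
        if (rc == CB_OK) (*ok)++;
        else if (rc == CB_NO_FRAME) (*stale)++;
        else (*bad)++;
    }
}

int main(void)
{
    int ok, stale, bad;
    run_constructed(&ok, &stale, &bad);
    printf("ok=%d stale=%d rejected=%d\n", ok, stale, bad);
    return 0;
}
```

The second completion for slot 3 shows why the range check and the empty-slot check are separate: an in-range ID can still refer to a slot that holds no frame.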
How can this vulnerability impact me?
This vulnerability can lead to out-of-bounds memory access in the Linux kernel's wifi driver. Such memory access issues can cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service by exploiting the unchecked indexing.