CVE-2026-43225
Memory Leak in Linux Kernel RTL8723BS Driver
Publication date: 2026-05-06
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.2 (inc) to 6.6.128 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.75 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.16 (exc) |
| linux | linux_kernel | From 6.19 (inc) to 6.19.6 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.165 (exc) |
| linux | linux_kernel | From 4.12 (inc) to 5.15.202 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's staging driver rtl8723bs. The function cfg80211_inform_bss_frame() may return NULL on failure, but in that case, the allocated buffer 'buf' is not freed before the function returns early. This leads to a potential memory leak because the allocated memory is not properly released.
The issue was fixed by ensuring that the buffer 'buf' is freed on both success and failure paths, preventing the memory leak.
How can this vulnerability impact me? :
The vulnerability can lead to a memory leak in the Linux kernel when the rtl8723bs driver encounters a failure in the cfg80211_inform_bss_frame() function. Over time, this memory leak could cause increased memory usage, potentially degrading system performance or causing instability.