CVE-2026-43386
Out-of-Bounds Read in Linux Kernel RTL8723BS WiFi Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (exc) |
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's staging driver rtl8723bs. The issue is a potential out-of-bounds read caused by accessing an array element before verifying that the index is within the valid range. Specifically, the code accesses 'in_ie[i + 5]' before checking if 'i + 5' is less than the input length, which can lead to reading memory outside the intended bounds.
The fix involves moving the length check to the beginning of the conditional statement to ensure the index is within bounds before accessing the array.
How can this vulnerability impact me? :
An out-of-bounds read vulnerability can potentially lead to information disclosure or cause a system crash if the kernel reads invalid memory. However, the exact impact depends on how the vulnerable code is used and whether an attacker can exploit this to gain sensitive information or disrupt system operations.