CVE-2026-46092
Awaiting Analysis Awaiting Analysis - Queue
WiFi Driver Null Pointer Dereference in Realtek RTL8821CE

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: check for PCI upstream bridge existence pci_upstream_bridge() returns NULL if the device is on a root bus. If 8821CE is installed in the system with such a PCI topology, the probing routine will crash. This has probably been unnoticed as 8821CE is mostly supplied in laptops where there is a PCI-to-PCI bridge located upstream from the device. However the card might be installed on a system with different configuration. Check if the bridge does exist for the specific workaround to be applied. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-46092
EUVD
EUVD-2026-32475
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability is related to the Linux kernel's handling of the 8821CE wifi device in certain PCI topologies. Detection involves checking if the 8821CE device is installed on a system where the PCI upstream bridge does not exist, which can cause the probing routine to crash.

Since the issue arises when pci_upstream_bridge() returns NULL, you can check the PCI topology and verify if the 8821CE device is present and whether it has a PCI-to-PCI bridge upstream.

  • Use the command `lspci -v` to list PCI devices and their hierarchy.
  • Look for the 8821CE device in the output and check if it is connected behind a PCI-to-PCI bridge.
  • You can also check kernel logs (`dmesg`) for any crash or error messages related to the rtw88 driver or PCI probing failures.
Mitigation Strategies

The vulnerability has been resolved by adding a check for the existence of the PCI upstream bridge before applying the workaround for the 8821CE device.

Immediate mitigation steps include:

  • Update the Linux kernel to a version that includes the fix for this vulnerability.
  • If updating the kernel is not immediately possible, avoid using the 8821CE device on systems where the PCI topology lacks an upstream PCI-to-PCI bridge.
  • Monitor system logs for crashes related to the rtw88 driver and consider disabling the wifi device temporarily if instability is observed.
Executive Summary

This vulnerability exists in the Linux kernel's wifi driver for the 8821CE device. The issue arises because the function pci_upstream_bridge() can return NULL if the device is connected directly to a root bus without an upstream PCI-to-PCI bridge. When this happens, the probing routine for the 8821CE device crashes because it does not check for the existence of the upstream bridge before proceeding.

The vulnerability is mostly unnoticed in laptops where the 8821CE device is typically installed behind a PCI-to-PCI bridge. However, if the device is installed in a system with a different PCI topology lacking such a bridge, the crash can occur.

The fix involves adding a check to confirm the existence of the PCI upstream bridge before applying the workaround, preventing the crash.

Impact Analysis

This vulnerability can cause the Linux kernel to crash during the probing of the 8821CE wifi device if it is installed on a system without a PCI upstream bridge. Such a crash can lead to system instability or downtime.

Since the crash occurs during device initialization, it may prevent the wifi device from functioning properly, potentially impacting network connectivity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46092. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart