CVE-2026-46122
Buffer Overflow in Linux Kernel WiFi Driver
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | b43 | * |
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's b43 wireless driver. Specifically, the firmware-controlled key index used in the b43_rx() function can exceed the size of the device's key array, which has 58 entries. The existing warning mechanism (B43_WARN_ON) that detects this out-of-bounds access is not enforced in production builds, allowing an out-of-bounds read to occur. The fix enforces this check by dropping any frame where the firmware returns an invalid key index, preventing the out-of-bounds read.
How can this vulnerability impact me?
This vulnerability can lead to an out-of-bounds read in the Linux kernel's wireless driver, which may cause unexpected behavior such as crashes or information leakage. Because the firmware-supplied key index can exceed the valid range, the driver may read memory outside the intended bounds of the key array, potentially leading to instability or exposing sensitive data.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the Linux kernel's b43 driver involves an out-of-bounds read due to a non-enforcing bounds check on the firmware key index.
To mitigate this vulnerability, update your Linux kernel to a version where the B43_WARN_ON check is made enforcing, which drops frames when the firmware returns an invalid key index.
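The difference between a warn-only check and an enforcing one, as described above, can be shown with a small user-space model. This is an added example, not the kernel's b43 code: `MODEL_WARN_ON`, `model_dev`, `rx_warn_only` and `rx_enforcing` are hypothetical names, and only the 58-entry key array size comes from the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define KEY_SLOTS 58   /* key array size stated on the page */

/* Hypothetical warn-only macro: a debug build logs, a production build
 * stays silent. In both builds it only reports the condition. */
#ifdef MODEL_DEBUG
#define MODEL_WARN_ON(x) ((x) ? (fprintf(stderr, "WARN: %s\n", #x), true) : false)
#else
#define MODEL_WARN_ON(x) ((x) ? true : false)
#endif

struct model_key { bool in_use; };
struct model_dev { struct model_key key[KEY_SLOTS]; };
enum rx_result { RX_OOB = -1, RX_DROPPED = 0, RX_PLAIN = 1, RX_DECRYPTED = 2 };

/* Before: the warning's result is discarded, so control falls through. */
enum rx_result rx_warn_only(const struct model_dev *dev, unsigned int keyidx)
{
    (void)MODEL_WARN_ON(keyidx >= KEY_SLOTS);
    if (keyidx >= KEY_SLOTS)
        return RX_OOB;   /* the model reports the bad access instead of doing it */
    return dev->key[keyidx].in_use ? RX_DECRYPTED : RX_PLAIN;
}

/* After: the same condition gates the array access and the frame is dropped. */
enum rx_result rx_enforcing(const struct model_dev *dev, unsigned int keyidx)
{
    if (MODEL_WARN_ON(keyidx >= KEY_SLOTS))
        return RX_DROPPED;
    return dev->key[keyidx].in_use ? RX_DECRYPTED : RX_PLAIN;
}

int main(void)
{
    static struct model_dev dev;                 /* zero-initialised */
    dev.key[3].in_use = true;                    /* constructed sample state */
    unsigned int samples[] = { 3, 57, 58, 200 }; /* constructed key indices */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("keyidx=%u warn_only=%d enforcing=%d\n", samples[i],
               rx_warn_only(&dev, samples[i]), rx_enforcing(&dev, samples[i]));
    return 0;
}
```

Index 57 is the last valid slot; 58 and above reach the array access in the warn-only variant and are dropped in the enforcing one.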