CVE-2026-46163
Analyzed Analyzed - Analysis Complete
Buffer Overflow Fix in Linux Kernel b43legacy WiFi Driver

Publication date: 2026-05-28

Last updated on: 2026-06-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacy_rx() can exceed dev->max_nr_keys. The existing B43legacy_WARN_ON is non-enforcing in production builds, allowing an out-of-bounds read of dev->key[]. Make the check enforcing by dropping the frame for invalid indices.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-06-10
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-46163
EUVD
EUVD-2026-32790
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.13 (inc) to 6.18.30 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.175 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.209 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.7 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.88 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 2.6.24 (inc) to 5.10.258 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-129 The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's b43legacy wireless driver. It involves the firmware-controlled key index used in the RX (receive) path, which can exceed the maximum number of keys allowed (dev->max_nr_keys). The existing warning mechanism (B43legacy_WARN_ON) does not enforce bounds checking in production builds, allowing an out-of-bounds read of the device's key array (dev->key[]). The fix enforces this bounds check by dropping frames with invalid key indices, preventing the out-of-bounds read.

Impact Analysis

This vulnerability can lead to an out-of-bounds read in the kernel memory due to improper bounds checking on the firmware key index. Such out-of-bounds reads can potentially cause system instability, crashes, or information disclosure by reading unintended memory areas.

Mitigation Strategies

The vulnerability in the Linux kernel's b43legacy driver involves an out-of-bounds read due to a non-enforcing bounds check on the firmware key index in the RX path.

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where this issue is fixed. The fix enforces the bounds check by dropping frames with invalid indices, preventing out-of-bounds reads.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46163. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart