CVE-2026-46163
Buffer Overflow Fix in Linux Kernel b43legacy WiFi Driver
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | b43legacy | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's b43legacy wireless driver. It involves the firmware-controlled key index used in the RX (receive) path, which can exceed the maximum number of keys allowed (dev->max_nr_keys). The existing warning mechanism (B43legacy_WARN_ON) does not enforce bounds checking in production builds, allowing an out-of-bounds read of the device's key array (dev->key[]). The fix enforces this bounds check by dropping frames with invalid key indices, preventing the out-of-bounds read.
How can this vulnerability impact me? :
This vulnerability can lead to an out-of-bounds read in the kernel memory due to improper bounds checking on the firmware key index. Such out-of-bounds reads can potentially cause system instability, crashes, or information disclosure by reading unintended memory areas.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the Linux kernel's b43legacy driver involves an out-of-bounds read due to a non-enforcing bounds check on the firmware key index in the RX path.
To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where this issue is fixed. The fix enforces the bounds check by dropping frames with invalid indices, preventing out-of-bounds reads.