8.8

CVE-2026-43113

wifi: wl1251: validate packet IDs before indexing tx_frames

In the Linux kernel, the following vulnerability has been resolved:

wifi: wl1251: validate packet IDs before indexing tx_frames

wl1251_tx_packet_cb() uses the firmware completion ID directly to index
the fixed 16-entry wl->tx_frames[] array. The ID is a raw u8 from the
completion block, and the callback does not currently verify that it
fits the array before dereferencing it.

Reject completion IDs that fall outside wl->tx_frames[] and keep the
existing NULL check in the same guard. This keeps the fix local to the
trust boundary and avoids touching the rest of the completion flow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.31 < 6.6.136
LinuxLinux Kernel Version >= 6.7 < 6.12.83
LinuxLinux Kernel Version >= 6.13 < 6.18.24
LinuxLinux Kernel Version >= 6.19 < 6.19.14
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.157
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/b6ba1eacf276063ebeefbbae8056043c24f2efaf
Patch
https://git.kernel.org/stable/c/df15adc692a802636dd3f258fc7cca8bf7a0ed9a
Patch
https://git.kernel.org/stable/c/8d7465be5163a923ee5d7459719ef5a021c1584a
Patch
https://git.kernel.org/stable/c/26ee518695c484f75e3606d631278e84bd24ae02
Patch
https://git.kernel.org/stable/c/0fd56fad9c56356e7fa7a7c52e7ecbf807a44eb0
Patch
https://git.kernel.org/stable/c/6509dbece7339dbc8980c706b9d623119a6de105
https://git.kernel.org/stable/c/a8a11a876f0a97061ee5d9e61d0f5a0df7e241c7
https://git.kernel.org/stable/c/e0dc1ad870d6788b049bfe1511ac75b2333a7550