8.8
CVE-2026-43113
- EPSS 0.25%
- Veröffentlicht 06.05.2026 07:40:39
- Zuletzt bearbeitet 01.06.2026 17:17:04
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
wifi: wl1251: validate packet IDs before indexing tx_frames
In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to index the fixed 16-entry wl->tx_frames[] array. The ID is a raw u8 from the completion block, and the callback does not currently verify that it fits the array before dereferencing it. Reject completion IDs that fall outside wl->tx_frames[] and keep the existing NULL check in the same guard. This keeps the fix local to the trust boundary and avoids touching the rest of the completion flow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.31 < 6.6.136
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.83
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.24
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.14
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
Linux ≫ Linux Kernel Version7.0 Updaterc3
Linux ≫ Linux Kernel Version7.0 Updaterc4
Linux ≫ Linux Kernel Version7.0 Updaterc5
Linux ≫ Linux Kernel Version7.0 Updaterc6
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.157 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/b6ba1eacf276063ebeefbbae8056043c24f2efaf
https://git.kernel.org/stable/c/df15adc692a802636dd3f258fc7cca8bf7a0ed9a
https://git.kernel.org/stable/c/8d7465be5163a923ee5d7459719ef5a021c1584a
https://git.kernel.org/stable/c/26ee518695c484f75e3606d631278e84bd24ae02
https://git.kernel.org/stable/c/0fd56fad9c56356e7fa7a7c52e7ecbf807a44eb0
https://git.kernel.org/stable/c/6509dbece7339dbc8980c706b9d623119a6de105
https://git.kernel.org/stable/c/a8a11a876f0a97061ee5d9e61d0f5a0df7e241c7
https://git.kernel.org/stable/c/e0dc1ad870d6788b049bfe1511ac75b2333a7550