CVE-2026-46122
published 2026-05-28CVE-2026-46122: In the Linux kernel, the following vulnerability has been resolved: wifi: b43: enforce bounds check on firmware key index in b43_rx() The firmware-controlled…
In the Linux kernel, the following vulnerability has been resolved:
wifi: b43: enforce bounds check on firmware key index in b43_rx()
The firmware-controlled key index in b43_rx() can exceed the dev->key[]
array size (58 entries). The existing B43_WARN_ON is non-enforcing in
production builds, allowing an out-of-bounds read.
Make the B43_WARN_ON check enforcing by dropping the frame when the
firmware returns an invalid key index.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux | — | — |
| linux | linux | >= e4d6b7951812d98417feb10784e400e253caf633 < 135cb49c9a42a02cceeac7b49ec03e267f7ed6d6 | 135cb49c9a42a02cceeac7b49ec03e267f7ed6d6 |
| linux | linux | >= e4d6b7951812d98417feb10784e400e253caf633 < 3157ad40b084a8f3932da2641749ab45e99b933e | 3157ad40b084a8f3932da2641749ab45e99b933e |
| linux | linux | >= e4d6b7951812d98417feb10784e400e253caf633 < 765709720e6af9a178abc40244a8d1aa39ac4e71 | 765709720e6af9a178abc40244a8d1aa39ac4e71 |
| linux | linux | >= e4d6b7951812d98417feb10784e400e253caf633 < c3d7b90dc95020cd9282c4630e402fe224f7644e | c3d7b90dc95020cd9282c4630e402fe224f7644e |
| linux | linux | >= e4d6b7951812d98417feb10784e400e253caf633 < 1e9e55cf66f0fa4799f4d86ef3aaba8e606b5c14 | 1e9e55cf66f0fa4799f4d86ef3aaba8e606b5c14 |
| linux | linux | >= e4d6b7951812d98417feb10784e400e253caf633 < d7029879bafdac2006c67553807d122283dc6cbf | d7029879bafdac2006c67553807d122283dc6cbf |
| linux | linux | >= e4d6b7951812d98417feb10784e400e253caf633 < 219ba67e69e49681e48c822d6eaafb5def032f34 | 219ba67e69e49681e48c822d6eaafb5def032f34 |
| linux | linux | >= e4d6b7951812d98417feb10784e400e253caf633 < 1f4f78bf8549e6ac4f04fba4176854f3a6e0c332 | 1f4f78bf8549e6ac4f04fba4176854f3a6e0c332 |
| linux | linux_kernel | — | — |