CVE Catalog

CVE-2026-46092

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile - higher than 1% of all known CVEs

Summary

In the rtw88 driver for Wi-Fi cards, a vulnerability was detected due to missing check for the existence of the PCI upstream bridge. The pci_upstream_bridge() function returns NULL when the device is on a root bus, which may cause a crash during initialization of the 8821CE card in an unusual PCI topology.

Risk Assessment

The missing check can cause a system crash when attempting to use the 8821CE Wi-Fi card in a configuration without an upstream PCI bridge, rendering the device unusable and potentially requiring a reboot.

Recommendation

Update the Linux kernel to a version containing the fix that adds a conditional check for the existence of the upstream bridge before applying the specific workaround.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: check for PCI upstream bridge existence pci_upstream_bridge() returns NULL if the device is on a root bus. If 8821CE is installed in the system with such a PCI topology, the probing routine will crash. This has probably been unnoticed as 8821CE is mostly supplied in laptops where there is a PCI-to-PCI bridge located upstream from the device. However the card might be installed on a system with different configuration. Check if the bridge does exist for the specific workaround to be applied. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS