CVE-2026-46122
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel within the wifi b43 module, allowing the firmware-controlled key index in b43_rx() to exceed the size of the dev->key[] array. Changes have been made to enforce bounds checking to prevent out-of-bounds reads.
Risk Assessment
This vulnerability could lead to unauthorized memory access, posing risks of data leakage or system instability. Organizations should be aware of potential threats associated with improper functioning of the wifi module.
Recommendation
It is recommended to update the Linux kernel to the latest version to benefit from the fixes related to this vulnerability. Additionally, monitoring system logs for invalid key index occurrences may be helpful.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: wifi: b43: enforce bounds check on firmware key index in b43_rx() The firmware-controlled key index in b43_rx() can exceed the dev->key[] array size (58 entries). The existing B43_WARN_ON is non-enforcing in production builds, allowing an out-of-bounds read. Make the B43_WARN_ON check enforcing by dropping the frame when the firmware returns an invalid key index.

