CVE Catalog

CVE-2026-46305

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile - higher than 4% of all known CVEs

Summary

In the Linux kernel, the staging driver rtl8723bs has a vulnerability where the return value of kzalloc_flex() in rtw_cbuf_alloc is not checked, leading to a potential NULL pointer dereference if memory allocation fails.

Risk Assessment

The risk involves a possible kernel panic or system crash under low memory conditions, potentially disrupting network services relying on this driver.

Recommendation

Immediately update the Linux kernel to a version that includes the fix guarding access to the allocated structure against a potential NULL pointer.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc The return value of kzalloc_flex() is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access to the allocated structure to avoid a potential NULL pointer dereference if the allocation fails.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS