CVE-2026-46305
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk4th percentile - higher than 4% of all known CVEs
Summary
In the Linux kernel, the staging driver rtl8723bs has a vulnerability where the return value of kzalloc_flex() in rtw_cbuf_alloc is not checked, leading to a potential NULL pointer dereference if memory allocation fails.
Risk Assessment
The risk involves a possible kernel panic or system crash under low memory conditions, potentially disrupting network services relying on this driver.
Recommendation
Immediately update the Linux kernel to a version that includes the fix guarding access to the allocated structure against a potential NULL pointer.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc The return value of kzalloc_flex() is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access to the allocated structure to avoid a potential NULL pointer dereference if the allocation fails.

