High severity7.1NVD Advisory· Published Apr 24, 2026· Updated Apr 27, 2026

CVE-2026-31626

Description

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()

Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using uninitialized data.

Smatch warns that only 6 bytes are copied to this 8-byte (u64) variable, leaving the last two bytes uninitialized:

drivers/staging/rtl8723bs/core/rtw_security.c:1308 rtw_BIP_verify() warn: not copying enough bytes for '&le_tmp64' (8 vs 6 bytes)

Initializing the variable at the start of the function fixes this warning and ensures predictable behavior.

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=4.12,<6.6.136

No patches discovered yet.

AI mechanics synthesis has not run for this CVE yet.

No linked articles in our index yet.

HighCVSS v3.1

7.1/ 10

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Probability of exploitation in the next 30 days.

0.03%

Composite of severity, exploitation, and reach.

0.46medium

CVE-2026-31626