High severity8.8NVD Advisory· Published May 6, 2026· Updated Jun 1, 2026
CVE-2026-43113
CVE-2026-43113
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: wl1251: validate packet IDs before indexing tx_frames
wl1251_tx_packet_cb() uses the firmware completion ID directly to index the fixed 16-entry wl->tx_frames[] array. The ID is a raw u8 from the completion block, and the callback does not currently verify that it fits the array before dereferencing it.
Reject completion IDs that fall outside wl->tx_frames[] and keep the existing NULL check in the same guard. This keeps the fix local to the trust boundary and avoids touching the rest of the completion flow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.31,<6.6.136
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- (no CPE)
- osv-coords6 versionspkg:apk/chainguard/linux-aws-6.18pkg:apk/chainguard/linux-azure-6.18pkg:apk/chainguard/linux-gcp-6.18pkg:apk/chainguard/linux-qemu-6.18pkg:apk/chainguard/linux-qemu-6.18-bootc-boot-installedpkg:apk/chainguard/linux-vmware-6.18
< 6.18.31-r0+ 5 more
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 6.18.24-r1
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 6.18.24-r1
Patches
Vulnerability mechanics
References
8- git.kernel.org/stable/c/0fd56fad9c56356e7fa7a7c52e7ecbf807a44eb0nvdPatch
- git.kernel.org/stable/c/26ee518695c484f75e3606d631278e84bd24ae02nvdPatch
- git.kernel.org/stable/c/8d7465be5163a923ee5d7459719ef5a021c1584anvdPatch
- git.kernel.org/stable/c/b6ba1eacf276063ebeefbbae8056043c24f2efafnvdPatch
- git.kernel.org/stable/c/df15adc692a802636dd3f258fc7cca8bf7a0ed9anvdPatch
- git.kernel.org/stable/c/6509dbece7339dbc8980c706b9d623119a6de105nvd
- git.kernel.org/stable/c/a8a11a876f0a97061ee5d9e61d0f5a0df7e241c7nvd
- git.kernel.org/stable/c/e0dc1ad870d6788b049bfe1511ac75b2333a7550nvd
News mentions
0No linked articles in our index yet.