Description
In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()

Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using
uninitialized data.

Smatch warns that only 6 bytes are copied to this 8-byte (u64)
variable, leaving the last two bytes uninitialized:

drivers/staging/rtl8723bs/core/rtw_security.c:1308 rtw_BIP_verify()
warn: not copying enough bytes for '&le_tmp64' (8 vs 6 bytes)

Initializing the variable at the start of the function fixes this
warning and ensures predictable behavior.
Published: 2026-04-24
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Uninitialized memory usage in the rtl8723bs driver can cause unpredictable kernel behavior
Action: Patch
AI Analysis

Impact

The rtl8723bs wireless driver in the Linux kernel contains an uninitialized memory condition in the function rtw_BIP_verify(). The driver copies only six bytes into an eight‑byte u64 variable le_tmp64, leaving the upper two bytes undefined. When the variable is used later, the unpredictable content can affect calculations or state transitions in the driver, potentially causing kernel instability or incorrect behavior. The fix initializes the variable to zero before it is used, removing the undefined data.

Affected Systems

Any Linux kernel that includes the staging rtl8723bs driver is affected, independent of version. The vulnerability is present in the code path until the commit that adds the initialization is incorporated. The affected product is the Linux kernel across all distributions shipping this driver, as identified by the CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:

Risk and Exploitability

The CVSS score of 7.1 signals moderate severity, while the EPSS score of less than 1% indicates a very low likelihood of exploitation. The vulnerability is not listed in CISA KEV. No explicit attack vector is documented; based on the description, exploitation would likely require local or privileged access to manipulate the driver or load it, making the risk to exposed hosts low under typical conditions.

Generated by OpenCVE AI on April 29, 2026 at 02:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that incorporates the rtw_BIP_verify() bug fix which zero‑initializes the le_tmp64 variable.
  • If using a custom or older kernel, apply the patch that adds the initialization to rtl8723bs/rtw_security.c or backport the commit to the running kernel.
  • If an immediate update cannot be applied, disable or remove the rtl8723bs staging driver to eliminate the vulnerable code path.

Generated by OpenCVE AI on April 29, 2026 at 02:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6238-1 linux security update
History

Mon, 27 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
References

Mon, 27 Apr 2026 11:30:00 +0000

Type Values Removed Values Added
References

Sat, 25 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-908
References

Fri, 24 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using uninitialized data. Smatch warns that only 6 bytes are copied to this 8-byte (u64) variable, leaving the last two bytes uninitialized: drivers/staging/rtl8723bs/core/rtw_security.c:1308 rtw_BIP_verify() warn: not copying enough bytes for '&le_tmp64' (8 vs 6 bytes) Initializing the variable at the start of the function fixes this warning and ensures predictable behavior.
Title staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:12:26.892Z

Reserved: 2026-03-09T15:48:24.124Z

Link: CVE-2026-31626

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-24T15:16:41.907

Modified: 2026-04-27T20:49:50.310

Link: CVE-2026-31626

cve-icon Redhat

Severity :

Publid Date: 2026-04-24T00:00:00Z

Links: CVE-2026-31626 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T02:30:07Z

Weaknesses