Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: validate bsscfg indices in IF events

brcmf_fweh_handle_if_event() validates the firmware-provided interface
index before it touches drvr->iflist[], but it still uses the raw
bsscfgidx field as an array index without a matching range check.

Reject IF events whose bsscfg index does not fit in drvr->iflist[]
before indexing the interface array.

[add missing wifi prefix]
Published: 2026-05-06
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The brcmfmac Wi‑Fi driver contains a bug where a firmware‑supplied interface index is checked before use, but the raw index is still employed as an array index without a bounds check. This omission allows a driver to write outside the intended array, corrupting kernel memory and potentially enabling privilege escalation or a system crash.

Affected Systems

All Linux kernel versions that include the brcmfmac module, specifically kernel releases 7.0 rc1 through rc7 as indicated by the CPE entries. Any system using these kernel configurations with the brcmfmac driver loaded is susceptible.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, yet the EPSS score of less than 1% suggests a low probability of real‑world exploitation at present. The vulnerability requires delivery of a specially crafted IF event, likely via a malicious wireless frame or manipulated firmware, to trigger the out‑of‑bounds write. It is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on May 8, 2026 at 22:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes the patched brcmfmac driver, which adds proper bounds checking for bsscfg indices.
  • If Wi‑Fi functionality is not required, unload or blacklist the brcmfmac module to eliminate the attack surface.
  • Keep abreast of kernel changelogs for additional fixes or regressions related to the Wi‑Fi driver.

Generated by OpenCVE AI on May 8, 2026 at 22:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 07 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CWE-788

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1285
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Wed, 06 May 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CWE-788

Wed, 06 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index before it touches drvr->iflist[], but it still uses the raw bsscfgidx field as an array index without a matching range check. Reject IF events whose bsscfg index does not fit in drvr->iflist[] before indexing the interface array. [add missing wifi prefix]
Title wifi: brcmfmac: validate bsscfg indices in IF events
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:17:55.761Z

Reserved: 2026-05-01T14:12:55.986Z

Link: CVE-2026-43110

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T10:16:24.690

Modified: 2026-05-08T20:14:50.097

Link: CVE-2026-43110

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43110 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T22:30:18Z

Weaknesses