Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: Fix potential kernel oops when probe fails

When probe of the sdio brcmfmac device fails for some reasons (i.e.
missing firmware), the sdiodev->bus is set to error instead of NULL, thus
the cleanup later in brcmf_sdio_remove() tries to free resources via
invalid bus pointer. This happens because sdiodev->bus is set 2 times:
first in brcmf_sdio_probe() and second time in brcmf_sdiod_probe(). Fix
this by changing the brcmf_sdio_probe() function to return the error code
and set sdio->bus only there.
Published: 2026-05-06
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During the probe of an SDIO brcmfmac Wi‑Fi device, the driver mistakenly assigns the bus pointer twice—once during the main probe and again during the SDIO probe. When the probe fails, this causes the driver to set the pointer to an invalid error value instead of NULL, and later the removal routine attempts to free resources through this corrupt pointer, triggering a kernel oops. The result is a local kernel crash that disrupts system availability and could be exploited to cause a denial‑of‑service state for the user or system.
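
The failure mode described above, as a simplified userspace C model added here (not the brcmfmac driver's code). `ERR_PTR`/`PTR_ERR`/`IS_ERR` are re-implemented stand-ins for the kernel helpers, and all struct and function names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel's ERR_PTR helpers (assumption: same semantics). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical, simplified device state; not the driver's real structures. */
struct bus { int placeholder; };
struct sdiodev { struct bus *bus; };

/* Hypothetical inner probe: fw_present == 0 models the missing-firmware case. */
static struct bus *bus_alloc(int fw_present) {
    if (!fw_present)
        return ERR_PTR(-ENOENT);
    struct bus *b = calloc(1, sizeof(*b));
    return b ? b : ERR_PTR(-ENOMEM);
}

/* Before: the caller stores whatever came back, so an error value lands in d->bus. */
static int probe_before(struct sdiodev *d, int fw_present) {
    d->bus = bus_alloc(fw_present);
    return IS_ERR(d->bus) ? (int)PTR_ERR(d->bus) : 0;
}

/* After: the error code is returned and d->bus is assigned only on success. */
static int probe_after(struct sdiodev *d, int fw_present) {
    struct bus *b = bus_alloc(fw_present);
    if (IS_ERR(b))
        return (int)PTR_ERR(b);
    d->bus = b;
    return 0;
}

/* Cleanup guarded only by a NULL test: returns 1 if it would dereference d->bus. */
static int remove_would_use_bus(const struct sdiodev *d) {
    return d->bus != NULL;
}

int main(void) {
    struct sdiodev before = { NULL }, after = { NULL };
    int rc1 = probe_before(&before, 0), rc2 = probe_after(&after, 0);
    printf("before: rc=%d cleanup_uses_bus=%d\n", rc1, remove_would_use_bus(&before));
    printf("after:  rc=%d cleanup_uses_bus=%d\n", rc2, remove_would_use_bus(&after));
    return 0;
}
```

In the "before" variant the failed probe leaves a non-NULL error value in `bus`, so a cleanup path that only tests for NULL proceeds to use it; in the "after" variant `bus` stays NULL and cleanup skips it.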

Affected Systems

All Linux kernel installations containing the brcmfmac driver are affected, regardless of distribution, until the patched code is incorporated. The bug exists in any kernel revision prior to the fix and is relevant to devices with internal Wi‑Fi adapters using the SDIO interface.

Risk and Exploitability

No CVSS score is available, the EPSS score is not published, and the vulnerability is not currently listed in the CISA KEV catalog. Because an attacker would need to trigger the SDIO probe failure (most likely by causing the system to lack the required firmware or by interacting with a removable Wi‑Fi adapter), the risk is constrained to local exploitation. Successful exploitation results in a kernel oops and a consequent reboot or loss of service for the affected device, with no confirmed privilege escalation or data compromise reported.

Generated by OpenCVE AI on May 6, 2026 at 13:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that includes the brcmfmac patch from commit d1b0d01538e202c00454c28b21d4432e
  • Ensure that the firmware package for brcmfmac SDIO devices is installed and up‑to‑date to prevent probe failures
  • If an immediate kernel upgrade is not possible, temporarily disable the offending Wi‑Fi adapter to avoid triggering the crash



Advisories

No advisories yet.

History

Wed, 06 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CWE-476

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential kernel oops when probe fails When probe of the sdio brcmfmac device fails for some reasons (i.e. missing firmware), the sdiodev->bus is set to error instead of NULL, thus the cleanup later in brcmf_sdio_remove() tries to free resources via invalid bus pointer. This happens because sdiodev->bus is set 2 times: first in brcmf_sdio_probe() and second time in brcmf_sdiod_probe(). Fix this by changing the brcmf_sdio_probe() function to return the error code and set sdio->bus only there.
Title wifi: brcmfmac: Fix potential kernel oops when probe fails
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-06T11:27:28.220Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43144

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-06T12:16:31.870

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43144

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T16:00:06Z

Weaknesses