CVE-2026-43225 - Vulnerability Details

- staging: rtl8723bs: fix memory leak on failure path

Description

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: fix memory leak on failure path

cfg80211_inform_bss_frame() may return NULL on failure. In that case,
the allocated buffer 'buf' is not freed and the function returns early,
leading to potential memory leak.
Fix this by ensuring that 'buf' is freed on both success and failure paths.

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 9874e33ce52ba449ab0ade78752a2d37a2294617
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< a968c6a39607c129b8ac2c3c2a5e8923574e90d0
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 8311bb40698ba027649d5d1ca84ad4bf25270546
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 9f70f78e22b321429afc77befecedf05543d4e2c
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< af48c1a0abe849e167fc754b6c260b6d8350b6fd
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 017295b17bf1f477246c95bd253a7ef0cb4684c9
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< abe850d82c8cb72d28700673678724e779b1826e

Linux

affected

Version	Status	Constraints
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/017295b17bf1f477246c95bd253a7ef0cb4684c9
https://git.kernel.org/stable/c/8311bb40698ba027649d5d1ca84ad4bf25270546
https://git.kernel.org/stable/c/9874e33ce52ba449ab0ade78752a2d37a2294617
https://git.kernel.org/stable/c/9f70f78e22b321429afc77befecedf05543d4e2c
https://git.kernel.org/stable/c/a968c6a39607c129b8ac2c3c2a5e8923574e90d0
https://git.kernel.org/stable/c/abe850d82c8cb72d28700673678724e779b1826e
https://git.kernel.org/stable/c/af48c1a0abe849e167fc754b6c260b6d8350b6fd

History

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix memory leak on failure path cfg80211_inform_bss_frame() may return NULL on failure. In that case, the allocated buffer 'buf' is not freed and the function returns early, leading to potential memory leak. Fix this by ensuring that 'buf' is freed on both success and failure paths.
Title		staging: rtl8723bs: fix memory leak on failure path
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/017295b17bf1f477246c95bd253a7ef0cb4684c9 https://git.kernel.org/stable/c/8311bb40698ba027649d5d1ca84ad4bf25270546 https://git.kernel.org/stable/c/9874e33ce52ba449ab0ade78752a2d37a2294617 https://git.kernel.org/stable/c/9f70f78e22b321429afc77befecedf05543d4e2c https://git.kernel.org/stable/c/a968c6a39607c129b8ac2c3c2a5e8923574e90d0 https://git.kernel.org/stable/c/abe850d82c8cb72d28700673678724e779b1826e https://git.kernel.org/stable/c/af48c1a0abe849e167fc754b6c260b6d8350b6fd

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:24.289Z

Updated: 2026-05-06T11:28:24.289Z

Reserved: 2026-05-01T14:12:55.994Z

Link: CVE-2026-43225

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:42.270

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43225

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object