CVE-2026-43267 - Vulnerability Details

- wifi: rtw89: fix potential zero beacon interval in beacon tracking

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: fix potential zero beacon interval in beacon tracking

During fuzz testing, it was discovered that bss_conf->beacon_int
might be zero, which could result in a division by zero error in
subsequent calculations. Set a default value of 100 TU if the
interval is zero to ensure stability.

Published: 2026-05-06

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a potential division‑by‑zero error in the Linux kernel’s rtw89 Wi‑Fi driver when processing beacon frames whose interval field is zero. If an attacker can cause the driver to encounter a zero beacon interval during beacon tracking, the driver’s calculation that divides by this value can abort the kernel, leading to a crash and a loss of system availability. The upstream patch assigns a default interval of 100 time units when the reported interval is zero, thereby preventing the fault and restoring normal operation.

Affected Systems

This issue affects Linux kernel builds that include the rtw89 driver for Realtek 8xxN series Wi‑Fi adapters. The CNA record lists the generic Linux kernel, and the patch reference indicates it applies to all kernel versions that ship the driver. Because no specific kernel release or firmware revision is given, any kernel that loads the rtw89 module and has not applied the fix may be vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium impact, while the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, so there are no confirmed public exploits as of the current data. An attacker would need to be within transmission range of the machine and able to manipulate or spoof beacon frames, a scenario that could occur in a Wi‑Fi environment or via a rogue access point. Consequently, the risk is moderate but should be mitigated promptly to avoid a system crash.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`d360551f265e3c942ce06cd6f4d2f7f67741bcbd`	affected	< 1260bee01493126cf9c872b6ca2af261173baa6d
`d360551f265e3c942ce06cd6f4d2f7f67741bcbd`	affected	< e00c9a4ec84c0bb067833b34202f457badbbc1c1
`d360551f265e3c942ce06cd6f4d2f7f67741bcbd`	affected	< eb57be32f438c57c88d6ce756101c1dfbcc03bba

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,1260bee01493126cf9c872b6ca2af261173baa6d)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,e00c9a4ec84c0bb067833b34202f457badbbc1c1)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,eb57be32f438c57c88d6ce756101c1dfbcc03bba)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a release that includes the rtw89 driver fix, or apply the upstream patch referenced in the advisory to the source tree and rebuild the kernel module.
If a kernel upgrade is not immediately feasible, download the relevant patch, apply it to the driver source, recompile the module, and reinstall it so the patched driver is loaded on the next boot.
While awaiting a kernel update or module rebuild, disable or remove the Realtek 8xxN Wi‑Fi adapter, or temporarily blacklist the rtw89 driver to stop beacon processing until the fix is active, then reboot to load the patched version.

Generated by OpenCVE AI on May 8, 2026 at 22:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1260bee01493126cf9c872b6ca2af261173baa6d
https://git.kernel.org/stable/c/e00c9a4ec84c0bb067833b34202f457badbbc1c1
https://git.kernel.org/stable/c/eb57be32f438c57c88d6ce756101c1dfbcc03bba
https://lore.kernel.org/linux-cve-announce/2026050609-CVE-2026-43267-d9b7@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43267
https://www.cve.org/CVERecord?id=CVE-2026-43267

History

Fri, 08 May 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Thu, 07 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026050609-CVE-2026-43267-d9b7@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43267 https://www.cve.org/CVERecord?id=CVE-2026-43267
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 06 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-369

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential zero beacon interval in beacon tracking During fuzz testing, it was discovered that bss_conf->beacon_int might be zero, which could result in a division by zero error in subsequent calculations. Set a default value of 100 TU if the interval is zero to ensure stability.
Title		wifi: rtw89: fix potential zero beacon interval in beacon tracking
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1260bee01493126cf9c872b6ca2af261173baa6d https://git.kernel.org/stable/c/e00c9a4ec84c0bb067833b34202f457badbbc1c1 https://git.kernel.org/stable/c/eb57be32f438c57c88d6ce756101c1dfbcc03bba

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:52.887Z

Updated: 2026-05-11T22:21:15.288Z

Reserved: 2026-05-01T14:12:55.997Z

Link: CVE-2026-43267

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:47.810

Modified: 2026-05-08T21:03:42.570

Link: CVE-2026-43267

Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43267 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T22:45:05Z

Weaknesses

CWE-369

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object