Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: b43: enforce bounds check on firmware key index in b43_rx()

The firmware-controlled key index in b43_rx() can exceed the dev->key[]
array size (58 entries). The existing B43_WARN_ON is non-enforcing in
production builds, allowing an out-of-bounds read.

Make the B43_WARN_ON check enforcing by dropping the frame when the
firmware returns an invalid key index.
Published: 2026-05-28
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
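
The difference between a warn-only check and an enforced one, as an added user-space C model; it is not the b43 driver's code or the upstream patch. All names (`model_warn_on`, `fw_keyidx`, `rx_warn_only`, `rx_enforced`), the 6-bit index field and the 64-byte device buffer are assumptions of the model; only the 58-entry table size comes from the description above.

```c
#include <stdint.h>
#include <stdio.h>

enum { NUM_KEYS = 58, DEV_BYTES = 64 };  /* 58 from the description; 64 is a model choice */

/* Constructed device memory: bytes [0,58) model key[] entries, bytes
 * [58,64) model unrelated state that happens to sit after the table. */
static const uint8_t *sample_dev(void)
{
    static uint8_t mem[DEV_BYTES];
    for (int i = 0; i < DEV_BYTES; i++)
        mem[i] = (i < NUM_KEYS) ? 0x01 : 0xAA;
    return mem;
}

/* Hypothetical warn-only assertion: counts the hit, returns the condition,
 * and never stops execution on its own. */
static unsigned warn_hits;
static int model_warn_on(int cond) { warn_hits += cond ? 1 : 0; return cond; }

/* Model assumption: firmware reports the index in a 6-bit field (0..63). */
static unsigned fw_keyidx(uint32_t rx_status) { return rx_status & 0x3F; }

/* Before: the check's result is discarded, so the lookup still happens. */
int rx_warn_only(const uint8_t *dev, uint32_t rx_status)
{
    unsigned keyidx = fw_keyidx(rx_status);
    model_warn_on(keyidx >= NUM_KEYS);
    return dev[keyidx];          /* indexes past the 58-entry table for 58..63 */
}

/* After: an invalid index drops the frame (-1) before any lookup. */
int rx_enforced(const uint8_t *dev, uint32_t rx_status)
{
    unsigned keyidx = fw_keyidx(rx_status);
    if (model_warn_on(keyidx >= NUM_KEYS))
        return -1;
    return dev[keyidx];
}

int main(void)
{
    const uint8_t *dev = sample_dev();
    printf("idx 57: before=%d after=%d\n", rx_warn_only(dev, 57), rx_enforced(dev, 57));
    printf("idx 60: before=%d after=%d\n", rx_warn_only(dev, 60), rx_enforced(dev, 60));
    return 0;
}
```

In the model, index 60 makes the warn-only path return a byte from the state behind the table, while the enforced path drops the frame.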
AI Analysis

Impact

The Linux kernel’s wireless driver for B43 devices contains an out‑of‑bounds read that is triggered by a key index supplied by the firmware during packet reception. When the reported index exceeds the 58‑entry array, the driver performs a non‑enforcing check and copies data beyond the array boundaries. This allows an attacker to read arbitrary kernel memory, potentially exposing confidential information.

Affected Systems

The flaw affects any system running the Linux kernel with the b43 driver before the bound‑check enforcement is applied. No specific vendor release numbers are listed, so all Linux deployments that include this driver and have not yet applied the patch may be vulnerable.

Risk and Exploitability

EPSS information is not available and the vulnerability is not listed in the CISA KEV catalog, so a precise risk quantification cannot be provided. The attack vector is likely local or involves malicious firmware or crafted wireless traffic that provides an invalid key index. It is inferred that an attacker would need the ability to influence firmware or transmit crafted packets, but the fault is silent in production builds, increasing the potential impact for injected data.

Generated by OpenCVE AI on May 28, 2026 at 13:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel release that incorporates the enforced bounds‑check on the b43 driver.
  • If an updated kernel is unavailable, disable the b43 driver or block the wireless interface to eliminate the attack surface.
  • Monitor system logs for any messages related to out‑of‑bounds indices, and ensure that only trusted firmware is installed to prevent malicious key index values.

Generated by OpenCVE AI on May 28, 2026 at 13:09 UTC.

Advisories

No advisories yet.

History

Fri, 29 May 2026 00:15:00 +0000


Thu, 28 May 2026 13:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-125

Thu, 28 May 2026 10:15:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: wifi: b43: enforce bounds check on firmware key index in b43_rx() The firmware-controlled key index in b43_rx() can exceed the dev->key[] array size (58 entries). The existing B43_WARN_ON is non-enforcing in production builds, allowing an out-of-bounds read. Make the B43_WARN_ON check enforcing by dropping the frame when the firmware returns an invalid key index.
Title | | wifi: b43: enforce bounds check on firmware key index in b43_rx()
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:35:37.141Z

Reserved: 2026-05-13T15:03:33.098Z

Link: CVE-2026-46122

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-28T10:16:27.713

Modified: 2026-05-28T13:44:01.663

Link: CVE-2026-46122

Redhat

Severity :

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46122 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T13:15:22Z

Weaknesses