Description
In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc

The return value of kzalloc_flex() is used without
ensuring that the allocation succeeded, and the
pointer is dereferenced unconditionally.

Guard the access to the allocated structure to
avoid a potential NULL pointer dereference if the
allocation fails.
Published: 2026-06-08
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a NULL pointer dereference in the rtl8723bs driver for the Linux kernel. It occurs when the kernel fails to allocate a buffer with kzalloc_flex and proceeds to dereference the returned pointer unconditionally. This can cause the kernel to crash, resulting in a denial of service on the affected system. The weakness falls under CWE‑476 and CWE‑690.

Affected Systems

Any Linux system that includes the rtl8723bs wireless driver prior to the application of the fix is affected. This encompasses most distributions that ship the driver in the staging tree of the kernel. No specific kernel version list is provided, but any kernel release before the commit that guards the allocation is vulnerable.

Risk and Exploitability

The CVSS score is not disclosed, and the EPSS score is not available, so the precise quantitative risk is unknown. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local kernel privileges to trigger the crash, so while it cannot lead to remote code execution, it can be deniable by an attacker with physical or local access to the system. The risk is moderate, mainly due to potential service disruption.

Generated by OpenCVE AI on June 8, 2026 at 18:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the patch that checks the kzalloc_flex return value before dereferencing the pointer.
  • If an immediate kernel upgrade is not feasible, disable the rtl8723bs module to avoid using the vulnerable driver.
  • For custom kernels, manually apply the commit that adds the NULL check to the rtl8723bs driver source before building and installing the module.

Generated by OpenCVE AI on June 8, 2026 at 18:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
CWE-690

Mon, 08 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc The return value of kzalloc_flex() is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access to the allocated structure to avoid a potential NULL pointer dereference if the allocation fails.
Title staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-08T15:46:32.831Z

Reserved: 2026-05-13T15:03:33.111Z

Link: CVE-2026-46305

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T17:16:49.253

Modified: 2026-06-08T17:16:49.253

Link: CVE-2026-46305

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T20:00:15Z

Weaknesses