Linux Kernel Vulnerability in RTL8723BS Driver by The Linux Foundation
CVE-2026-31626

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31626?

A vulnerability in the RTL8723BS driver of the Linux kernel has been identified, where the variable 'le_tmp64' is not properly initialized within the 'rtw_BIP_verify()' function. The implementation only copies 6 bytes into an 8-byte variable, leading to two bytes remaining uninitialized. This flaw could potentially lead to unpredictable behavior in the driver, which could compromise system stability and security. Proper initialization of 'le_tmp64' is essential to ensure expected and safe operation of the driver, thereby mitigating risks associated with using uninitialized data.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/d5b8f5f8d6fc09a8af5ed139c...

https://git.kernel.org/stable/c/b487a7754d874230299d5a9c2...

https://git.kernel.org/stable/c/c2026c6b603ebec52f5501549...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31626 Data

JSON