Linux Kernel Vulnerability in Wireless Network Interface
CVE-2026-43110

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43110?

A vulnerability has been identified in the Linux kernel related to the brcmfmac wireless driver. The issue arises from insufficient validation of the interface index provided by firmware in IF events. While the brcmf_fweh_handle_if_event() function checks the interface index prior to accessing the drvr->iflist[], it incorrectly utilizes the raw bsscfgidx field as an array index, lacking proper range checks. This oversight necessitates the rejection of IF events when the bsscfg index does not align with the bounds of drvr->iflist[]. Addressing this vulnerability is critical to maintaining the integrity and security of wireless networking in Linux environments.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3ec7437e9d11374105c2c4e47ae671537729d7e6

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9fca68c2512a362cad258e4df12a307bb2ee4b8e

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1ae1e1caa428844e481231f6dbe9b4f475f1d52d

References

https://git.kernel.org/stable/c/3ec7437e9d11374105c2c4e47...

https://git.kernel.org/stable/c/9fca68c2512a362cad258e4df...

https://git.kernel.org/stable/c/1ae1e1caa428844e481231f6d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43110 Data

JSON