Skip to main content

Linux Kernel CVE-2026-43387

| EUVDEUVD-2026-28693 MEDIUM
2026-05-08 Linux GHSA-f4g6-fp8v-f3h5
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 08, 2026 - 11:37 vuln.today
CVSS changed
May 26, 2026 - 16:07 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
MEDIUM 5.5
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: properly validate the data in rtw_get_ie_ex()

Just like in commit 154828bf9559 ("staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser"), we don't trust the data in the frame so we should check the length better before acting on it

AnalysisAI

Out-of-bounds read in the Linux kernel's staging rtl8723bs WiFi driver allows a local low-privileged attacker to crash the system via improper length validation in the rtw_get_ie_ex() information element parser. The flaw mirrors a previously patched issue in the sibling rtw_get_ie() parser (commit 154828bf9559) - the fix was not consistently applied to rtw_get_ie_ex(). With a CVSS score of 5.5, local access requirement, and EPSS of 0.02% (7th percentile), this is a low-urgency availability issue with no public exploit and no KEV listing. Patches have been released across all major active stable kernel branches.

Technical ContextAI

The rtl8723bs is a Realtek RTL8723BS SDIO 802.11n wireless chipset driver residing in the Linux kernel's staging tree (drivers/staging/rtl8723bs). The vulnerability lies in rtw_get_ie_ex(), a function responsible for parsing Information Elements (IEs) from 802.11 wireless management frames. IEs are variable-length structures embedded in frames; insufficient validation of the length field before dereferencing allows reading beyond allocated buffer boundaries. The CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* confirms all Linux kernel versions from the initial commit (1da177e4c3f4) up to the respective branch fix commits are affected. Although no CWE is formally assigned, the Buffer Overflow tag and the parallel to commit 154828bf9559 indicate this is a classic CWE-125 (Out-of-Bounds Read) rooted in missing bounds checking on untrusted frame data ingested from the wireless interface.

RemediationAI

The primary remediation is to upgrade to a patched Linux kernel version in the appropriate stable branch: 5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, or 7.0. Upstream fix commits are available at https://git.kernel.org/stable/c/ac38856092b4c994f94343251b30520bdeb7f475 (and related commits for other branches). Red Hat and SUSE are tracking this issue, so users of RHEL or SUSE-based distributions should apply the next stable kernel errata when released. As a compensating control on systems where upgrading immediately is not feasible, if the rtl8723bs driver is not actively required, it can be blacklisted by adding 'blacklist r8723bs' to /etc/modprobe.d/ - this prevents the driver from loading and eliminates the attack surface entirely, with the trade-off that the associated wireless hardware will be non-functional. On systems where the hardware is needed, restricting local user account access reduces exposure given the AV:L/PR:L requirement.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43387 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy