Linux Kernel wl1251 EUVD-2026-27635

CVE-2026-43113, HIGH, CVSS 3.1 score 8.8
NULL Pointer Dereference (CWE-476)
2026-05-06, Linux, GHSA-4c54-jj6j-3j34
CVSS Vector (NVD)

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Adjacent
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: May 08, 2026 - 13:28 (vuln.today)
CVSS changed: May 08, 2026 - 13:22 (NVD), 8.8 (HIGH)
Patch available: May 06, 2026 - 11:31 (EUVD)
CVE Published: May 06, 2026 - 07:40 (nvd), HIGH 8.8

Description (NVD)

In the Linux kernel, the following vulnerability has been resolved:

wifi: wl1251: validate packet IDs before indexing tx_frames

wl1251_tx_packet_cb() uses the firmware completion ID directly to index the fixed 16-entry wl->tx_frames[] array. The ID is a raw u8 from the completion block, and the callback does not currently verify that it fits the array before dereferencing it.

Reject completion IDs that fall outside wl->tx_frames[] and keep the existing NULL check in the same guard. This keeps the fix local to the trust boundary and avoids touching the rest of the completion flow.
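
The guard described above, modelled in user space as an added example; this is not the kernel's code, and struct dev_model, struct frame, tx_complete() and sweep_all_ids() are hypothetical names. It feeds every possible u8 completion ID through the handler to show that only an in-range, populated slot is accepted.

```c
#include <stdint.h>
#include <stdio.h>

#define TX_FRAMES 16   /* fixed 16-entry table, per the description */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct frame { int len; };               /* stand-in for a queued packet */

struct dev_model {                       /* hypothetical model of the driver state */
    struct frame *tx_frames[TX_FRAMES];  /* slot is NULL when nothing is pending */
    unsigned int completed, rejected;
};

/* Completion handler model: id is a raw byte supplied by firmware (0..255).
 * With only the NULL test, ids 16..255 would index past tx_frames[].
 * Returns 0 if a frame was completed, -1 if the ID was rejected. */
static int tx_complete(struct dev_model *d, uint8_t id)
{
    /* Range check first: short-circuit evaluation means the array is only
     * indexed once the ID is known to fit. NULL check stays in the same guard. */
    if (id >= ARRAY_SIZE(d->tx_frames) || d->tx_frames[id] == NULL) {
        d->rejected++;
        return -1;
    }
    d->tx_frames[id] = NULL;             /* release the slot */
    d->completed++;
    return 0;
}

/* Run all 256 possible IDs against a table with one populated slot
 * (constructed input) and return the resulting counters. */
static struct dev_model sweep_all_ids(void)
{
    static struct frame f = { 64 };
    struct dev_model d = { 0 };
    unsigned int id;

    d.tx_frames[3] = &f;
    for (id = 0; id <= UINT8_MAX; id++)
        tx_complete(&d, (uint8_t)id);
    return d;
}

int main(void)
{
    struct dev_model d = sweep_all_ids();
    printf("completed=%u rejected=%u\n", d.completed, d.rejected);
    return 0;
}
```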

Analysis (AI)

Out-of-bounds array indexing in the Linux kernel's wl1251 wireless driver allows adjacent network attackers to achieve high-impact memory corruption without authentication. The wl1251_tx_packet_cb() function uses untrusted firmware completion IDs directly to index a fixed 16-entry tx_frames array without bounds validation, enabling attackers on the same wireless network segment to read/write arbitrary kernel memory. …

Remediation (AI)

Within 24 hours: Identify systems running the affected wl1251 wireless driver by auditing kernel versions (6.6.x pre-6.6.136, 6.12.x pre-6.12.83, 6.18.x pre-6.18.24, 6.19.x pre-6.19.14, or 7.0.x pre-7.0) and hardware inventory. Within 7 days: Test and deploy kernel updates to patched versions (Linux 6.6.136, 6.12.83, 6.18.24, 6.19.14, or 7.0 stable releases) across all affected systems. …
