CVE-2026-43113
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: wl1251: validate packet IDs before indexing tx_frames

wl1251_tx_packet_cb() uses the firmware completion ID directly to index the fixed 16-entry wl->tx_frames[] array. The ID is a raw u8 from the completion block, and the callback does not currently verify that it fits the array before dereferencing it.

Reject completion IDs that fall outside wl->tx_frames[] and keep the existing NULL check in the same guard. This keeps the fix local to the trust boundary and avoids touching the rest of the completion flow.
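The guard described above, as an added user-space model in C; it is not the driver's code or the upstream patch. All `model_*` names and the sample completion IDs are hypothetical and constructed for illustration; only the 16-entry array size and the u8 ID type come from the description.

```c
#include <stddef.h>
#include <stdint.h>

#define MODEL_TX_FRAMES 16   /* the description's fixed 16-entry array */

struct model_frame { int len; };
struct model_dev {           /* hypothetical stand-in for the driver state */
    struct model_frame *tx_frames[MODEL_TX_FRAMES];
    unsigned int completed, rejected;
};

/* Before: the device-supplied u8 ID indexes the array with only a NULL test.
 * Any id >= 16 is read from beyond tx_frames[] before that test can help. */
int model_tx_cb_unchecked(struct model_dev *d, uint8_t id)
{
    struct model_frame *f = d->tx_frames[id];
    if (f == NULL)
        return -1;
    d->tx_frames[id] = NULL;
    d->completed++;
    return f->len;
}

/* After: range check and NULL check share one guard at the trust boundary. */
int model_tx_cb_checked(struct model_dev *d, uint8_t id)
{
    struct model_frame *f;
    if (id >= MODEL_TX_FRAMES || d->tx_frames[id] == NULL) {
        d->rejected++;       /* count it so misbehaving firmware is visible */
        return -1;
    }
    f = d->tx_frames[id];
    d->tx_frames[id] = NULL; /* slot is free for the next frame */
    d->completed++;
    return f->len;
}

/* Constructed input: one in-flight frame in slot 3, then four completions. */
int model_run(void)
{
    static struct model_frame frame = { .len = 128 };
    struct model_dev d = { .tx_frames = { [3] = &frame } };
    const uint8_t ids[] = { 3, 3, 16, 255 }; /* valid, stale, out of range x2 */
    int ok = 0;
    for (size_t i = 0; i < sizeof ids; i++)
        if (model_tx_cb_checked(&d, ids[i]) == 128)
            ok++;
    return ok * 100 + (int)d.rejected;       /* completed * 100 + rejected */
}
```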
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2026-43113
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2026-43113.html
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/df15adc692a802636dd3f258fc7cca8bf7a0ed9a
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/b6ba1eacf276063ebeefbbae8056043c24f2efaf
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/8d7465be5163a923ee5d7459719ef5a021c1584a
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/26ee518695c484f75e3606d631278e84bd24ae02
Vendor advisory: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 — https://git.kernel.org/stable/c/0fd56fad9c56356e7fa7a7c52e7ecbf807a44eb0
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | | affected | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | fixed | 6.19.14-1 |
| debian | sid | fixed | 6.19.14-1 |
| debian | trixie | fixed | 6.12.85-1 |
| linux-kernel | | affected | 6.6.136 |
| linux-kernel | 7.0 | affected | |
References
- https://git.kernel.org/stable/c/0fd56fad9c56356e7fa7a7c52e7ecbf807a44eb0
- https://git.kernel.org/stable/c/26ee518695c484f75e3606d631278e84bd24ae02
- https://git.kernel.org/stable/c/8d7465be5163a923ee5d7459719ef5a021c1584a
- https://git.kernel.org/stable/c/b6ba1eacf276063ebeefbbae8056043c24f2efaf
- https://git.kernel.org/stable/c/df15adc692a802636dd3f258fc7cca8bf7a0ed9a
- https://www.suse.com/security/cve/CVE-2026-43113.html
- https://security-tracker.debian.org/tracker/CVE-2026-43113
CWEs
CWE-476