CVE-2026-43144
Description
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential kernel oops when probe fails When probe of the sdio brcmfmac device fails for some reasons (i.e. missing firmware), the sdiodev->bus is set to error instead of NULL, thus the cleanup later in brcmf_sdio_remove() tries to free resources via invalid bus pointer. This happens because sdiodev->bus is set 2 times: first in brcmf_sdio_probe() and second time in brcmf_sdiod_probe(). Fix this by chaning the brcmf_sdio_probe() function to return the error code and set sdio->bus only there.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 6.19.6-1 |
| debian | sid | fixed | 6.19.6-1 |
| debian | trixie | fixed | 0 |
| linux-kernel | affected | 6.18.16 | |
| linux-kernel | 7.0 | affected | |
References
- https://git.kernel.org/stable/c/243307a0d1b0d01538e202c00454c28b21d4432e
- https://git.kernel.org/stable/c/379aac7ee8240848aa35f605b06addb4617c863e
- https://git.kernel.org/stable/c/64ccb0aac41c5055780c2a58bbe2c1b362ceccde
- https://www.suse.com/security/cve/CVE-2026-43144.html
- https://security-tracker.debian.org/tracker/CVE-2026-43144
CWEs
CWE-476
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.