CVE-2026-46163
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: b43legacy: enforce bounds check on firmware key index in RX path

Same fix as b43: the firmware-controlled key index in b43legacy_rx() can exceed dev->max_nr_keys. The existing B43legacy_WARN_ON is non-enforcing in production builds, allowing an out-of-bounds read of dev->key[]. Make the check enforcing by dropping the frame for invalid indices.
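The difference between a warn-only check and an enforcing one, as an added user-space model that is not the driver's code or the upstream patch. All `model_*`/`MODEL_*` names, the table sizes and the marker value are assumptions made for illustration; only `max_nr_keys` and `key[]` mirror the fields named in the description.

```c
#include <stdio.h>

#define MODEL_NR_KEYS  8    /* constructed logical bound, stands in for dev->max_nr_keys */
#define MODEL_SLOTS    16   /* slots 8..15 model memory adjacent to dev->key[] */
#define MODEL_ADJACENT 0x5a /* constructed marker for data outside the key table */
#define MODEL_DROP     (-1) /* model of "drop the frame" */

struct model_key { int algorithm; };
struct model_dev {
    unsigned int max_nr_keys;
    struct model_key key[MODEL_SLOTS];
};

/* Non-enforcing assertion: reports the condition, never changes control flow. */
#define MODEL_WARN_ON(c) ((void)((c) && fprintf(stderr, "WARN: %s\n", #c)))

void model_dev_init(struct model_dev *dev)
{
    dev->max_nr_keys = MODEL_NR_KEYS;
    for (unsigned int i = 0; i < MODEL_SLOTS; i++)
        dev->key[i].algorithm = (i < MODEL_NR_KEYS) ? (int)i : MODEL_ADJACENT;
}

/* Before: the check only warns, then the untrusted index is used anyway.
 * (In this model keyidx must stay below MODEL_SLOTS so the read is defined.) */
int rx_key_before(const struct model_dev *dev, unsigned int keyidx)
{
    MODEL_WARN_ON(keyidx >= dev->max_nr_keys);
    return dev->key[keyidx].algorithm;
}

/* After: an invalid index ends processing of the frame before any lookup. */
int rx_key_after(const struct model_dev *dev, unsigned int keyidx)
{
    if (keyidx >= dev->max_nr_keys)
        return MODEL_DROP;
    return dev->key[keyidx].algorithm;
}

int main(void)
{
    struct model_dev dev;
    model_dev_init(&dev);
    printf("before(12) = 0x%x\n", (unsigned int)rx_key_before(&dev, 12));
    printf("after(12)  = %d\n", rx_key_after(&dev, 12));
    return 0;
}
```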
Mitigations
No mitigations published for this CVE yet.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | fixed | 7.0.7-1 |
| debian | sid | fixed | 7.0.7-1 |
| debian | trixie | fixed | 6.12.88-1 |
| sles | | affected | |
References
- https://git.kernel.org/stable/c/1baaeb6adecb9691748c0253dab6ddd19a2b4e9e
- https://git.kernel.org/stable/c/6ee946077607d7783ae6709a899213fc4fe08f35
- https://git.kernel.org/stable/c/9d1bc155802943e92c57a5fb923d23edfbf0b525
- https://git.kernel.org/stable/c/a035766f970bde2d4298346a31a80685be5c0205
- https://git.kernel.org/stable/c/fdd4e51979f42ca8b1ab7e6176b607e1caabf2a5
- https://security-tracker.debian.org/tracker/CVE-2026-46163
- https://www.suse.com/security/cve/CVE-2026-46163.html