Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-06T00:00:00 kernel: wifi: brcmfmac: validate bsscfg indices in IF events 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-1285

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index before it touches drvr->iflist[], but it still uses the raw bsscfgidx field as an array index without a matching range check. Reject IF events whose bsscfg index does not fit in drvr->iflist[] before indexing the interface array. [add missing wifi prefix]

A flaw was found in the Linux kernel's brcmfmac Wi-Fi driver. This vulnerability occurs because the driver fails to properly validate bsscfg indices in interface (IF) events. An attacker could exploit this by sending a specially crafted IF event with an invalid bsscfg index, which could lead to an out-of-bounds write or read, potentially causing a system crash and resulting in a denial of service (DoS).

Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Affected kernel Red Hat Enterprise Linux 7 Affected kernel-rt Red Hat Enterprise Linux 8 Affected kernel Red Hat Enterprise Linux 8 Affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43110 https://nvd.nist.gov/vuln/detail/CVE-2026-43110 https://lore.kernel.org/linux-cve-announce/2026050624-CVE-2026-43110-7309@gregkh/T