wifi: brcmfmac: validate bsscfg indices in IF events_CVE-2026-43110

8.8 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: validate bsscfg indices in IF events

brcmf_fweh_handle_if_event() validates the firmware-provided interface
index before it touches drvr->iflist[], but it still uses the raw
bsscfgidx field as an array index without a matching range check.

Reject IF events whose bsscfg index does not fit in drvr->iflist[]
before indexing the interface array.

[add missing wifi prefix]

AI Analysis

Linux kernel vulnerability in brcmfmac module allowing potential code execution due to lack of validation of bsscfg indices in IF events

Basic Information

ID CVE-2026-43110

Source Linux

Published May 6, 2026 at 07:40

Modified May 8, 2026 at 12:40

Affected Product

Vendor Linux

Product Linux

Version 2880b86859967af710c72f7d34fb421a86a71e22

Affected Versions Linux Linux 2880b86859967af710c72f7d34fb421a86a71e22
Linux Linux 2880b86859967af710c72f7d34fb421a86a71e22
Linux Linux 2880b86859967af710c72f7d34fb421a86a71e22
Linux Linux 2880b86859967af710c72f7d34fb421a86a71e22
Linux Linux 2880b86859967af710c72f7d34fb421a86a71e22
Linux Linux 3.9

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Linux

Product Linux kernel

Version 3.9, 2880b86859967af710c72f7d34fb421a86a71e22

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: validate bsscfg indices in IF events\n\nbrcmf_fweh_handle_if_event() validates the firmware-provided interface\nindex before it touches drvr->iflist[], but it still uses the raw\nbsscfgidx field as an array index without a matching range check.\n\nReject IF events whose bsscfg index does not fit in drvr->iflist[]\nbefore indexing the interface array.\n\n[add missing wifi prefix]",
    "published": "2026-05-06T07:40:37.250Z",
    "modified": "2026-05-08T12:40:34.959Z",
    "type": "cve",
    "title": "wifi: brcmfmac: validate bsscfg indices in IF events",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/3ec7437e9d11374105c2c4e47ae671537729d7e6\nhttps://git.kernel.org/stable/c/9fca68c2512a362cad258e4df12a307bb2ee4b8e\nhttps://git.kernel.org/stable/c/1ae1e1caa428844e481231f6dbe9b4f475f1d52d\nhttps://git.kernel.org/stable/c/b427c2b05222db36d32ee141609de6128e9091bb\nhttps://git.kernel.org/stable/c/304950a467d83678bd0b0f46331882e2ac23b12d",
    "id": "CVE-2026-43110",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux 2880b86859967af710c72f7d34fb421a86a71e22\nLinux Linux 2880b86859967af710c72f7d34fb421a86a71e22\nLinux Linux 2880b86859967af710c72f7d34fb421a86a71e22\nLinux Linux 2880b86859967af710c72f7d34fb421a86a71e22\nLinux Linux 2880b86859967af710c72f7d34fb421a86a71e22\nLinux Linux 3.9",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "2880b86859967af710c72f7d34fb421a86a71e22",
    "vendor": "Linux",
    "ai_description": "Linux kernel vulnerability in brcmfmac module allowing potential code execution due to lack of validation of bsscfg indices in IF events",
    "ai_severity": "High",
    "ai_vendor": "Linux",
    "ai_product": "Linux kernel",
    "ai_version": "3.9, 2880b86859967af710c72f7d34fb421a86a71e22",
    "ai_score": 8.8
}