{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43386", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:56.006Z", "datePublished": "2026-05-08T14:21:32.646Z", "dateUpdated": "2026-05-11T22:23:35.007Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:23:35.007Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie\n\nThe current code checks 'i + 5 < in_len' at the end of the if statement.\nHowever, it accesses 'in_ie[i + 5]' before that check, which can lead\nto an out-of-bounds read. Move the length check to the beginning of the\nconditional to ensure the index is within bounds before accessing the\narray."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/rtl8723bs/core/rtw_mlme.c"], "versions": [{"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b", "lessThan": "6ff2243d5e05a5239e39d4ba61d96b0ea3bf7259", "status": "affected", "versionType": "git"}, {"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b", "lessThan": "12cc6e8f8d4245b7b5a408c6fc8ab1d098d67020", "status": "affected", "versionType": "git"}, {"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b", "lessThan": "209644e25757c499e1c1f08c071ea0386d4448b6", "status": "affected", "versionType": "git"}, {"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b", "lessThan": "768f25613a9fe6766d15a4a72979657adfc1c6d8", "status": "affected", "versionType": "git"}, {"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b", "lessThan": "e14a1148f02e8cf1ca380d57e4b95ca36c97f45d", "status": "affected", "versionType": "git"}, {"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b", "lessThan": "4dd2d9cf563c54e09d5f7eacf95c5b8f538b513b", "status": "affected", "versionType": "git"}, {"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b", "lessThan": "d97fc1b29513010b60fde874c7f0ba816744e18c", "status": "affected", "versionType": "git"}, {"version": "554c0a3abf216c991c5ebddcdb2c08689ecd290b", "lessThan": "a75281626fc8fa6dc6c9cc314ee423e8bc45203b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/staging/rtl8723bs/core/rtw_mlme.c"], "versions": [{"version": "4.12", "status": "affected"}, {"version": "0", "lessThan": "4.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.19", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.9", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.18.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "6.19.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.12", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6ff2243d5e05a5239e39d4ba61d96b0ea3bf7259"}, {"url": "https://git.kernel.org/stable/c/12cc6e8f8d4245b7b5a408c6fc8ab1d098d67020"}, {"url": "https://git.kernel.org/stable/c/209644e25757c499e1c1f08c071ea0386d4448b6"}, {"url": "https://git.kernel.org/stable/c/768f25613a9fe6766d15a4a72979657adfc1c6d8"}, {"url": "https://git.kernel.org/stable/c/e14a1148f02e8cf1ca380d57e4b95ca36c97f45d"}, {"url": "https://git.kernel.org/stable/c/4dd2d9cf563c54e09d5f7eacf95c5b8f538b513b"}, {"url": "https://git.kernel.org/stable/c/d97fc1b29513010b60fde874c7f0ba816744e18c"}, {"url": "https://git.kernel.org/stable/c/a75281626fc8fa6dc6c9cc314ee423e8bc45203b"}], "title": "staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie\n\nThe current code checks 'i + 5 < in_len' at the end of the if statement.\nHowever, it accesses 'in_ie[i + 5]' before that check, which can lead\nto an out-of-bounds read. Move the length check to the beginning of the\nconditional to ensure the index is within bounds before accessing the\narray."}], "id": "CVE-2026-43386", "lastModified": "2026-05-12T14:10:27.343", "metrics": {}, "published": "2026-05-08T15:16:49.933", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/12cc6e8f8d4245b7b5a408c6fc8ab1d098d67020"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/209644e25757c499e1c1f08c071ea0386d4448b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4dd2d9cf563c54e09d5f7eacf95c5b8f538b513b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6ff2243d5e05a5239e39d4ba61d96b0ea3bf7259"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/768f25613a9fe6766d15a4a72979657adfc1c6d8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a75281626fc8fa6dc6c9cc314ee423e8bc45203b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d97fc1b29513010b60fde874c7f0ba816744e18c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/e14a1148f02e8cf1ca380d57e4b95ca36c97f45d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie", "id": "2468186", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468186"}, "csaw": false, "cwe": "CWE-805", "details": ["A flaw was found in the Linux kernel's rtl8723bs component. An incorrect length check within the `rtw_restruct_wmm_ie` function can lead to an out-of-bounds read. This vulnerability occurs because the code attempts to access memory beyond the allocated buffer before verifying the index is within bounds. This could potentially allow an attacker to read sensitive information or cause a denial of service."], "name": "CVE-2026-43386", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-43386\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43386\nhttps://lore.kernel.org/linux-cve-announce/2026050835-CVE-2026-43386-c764@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[554c0a3abf216c991c5ebddcdb2c08689ecd290b,6ff2243d5e05a5239e39d4ba61d96b0ea3bf7259)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[554c0a3abf216c991c5ebddcdb2c08689ecd290b,12cc6e8f8d4245b7b5a408c6fc8ab1d098d67020)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[554c0a3abf216c991c5ebddcdb2c08689ecd290b,209644e25757c499e1c1f08c071ea0386d4448b6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[554c0a3abf216c991c5ebddcdb2c08689ecd290b,4dd2d9cf563c54e09d5f7eacf95c5b8f538b513b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[554c0a3abf216c991c5ebddcdb2c08689ecd290b,768f25613a9fe6766d15a4a72979657adfc1c6d8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[554c0a3abf216c991c5ebddcdb2c08689ecd290b,e14a1148f02e8cf1ca380d57e4b95ca36c97f45d)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[554c0a3abf216c991c5ebddcdb2c08689ecd290b,4dd2d9cf563c54e09d5f7eacf95c5b8f538b513b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[554c0a3abf216c991c5ebddcdb2c08689ecd290b,a75281626fc8fa6dc6c9cc314ee423e8bc45203b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.12"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,4.12)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.253,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.203,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.78,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.19,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.9,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-08T17:30:13.914277+00:00", "updated": "2026-05-09T04:30:17.675115+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}