2467217 – (CVE-2026-43144) CVE-2026-43144 kernel: wifi: brcmfmac: Fix potential kernel oops when probe fails

Bug 2467217 (CVE-2026-43144) - CVE-2026-43144 kernel: wifi: brcmfmac: Fix potential kernel oops when probe fails

Summary: CVE-2026-43144 kernel: wifi: brcmfmac: Fix potential kernel oops when probe f...

Keywords:
Status:	NEW
Alias:	CVE-2026-43144
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-06 13:11 UTC by OSIDB Bzimport
Modified:	2026-05-06 18:37 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-06 13:11:25 UTC

In the Linux kernel, the following vulnerability has been resolved:

wifi: brcmfmac: Fix potential kernel oops when probe fails

When probe of the sdio brcmfmac device fails for some reasons (i.e.
missing firmware), the sdiodev->bus is set to error instead of NULL, thus
the cleanup later in brcmf_sdio_remove() tries to free resources via
invalid bus pointer. This happens because sdiodev->bus is set 2 times:
first in brcmf_sdio_probe() and second time in brcmf_sdiod_probe(). Fix
this by chaning the brcmf_sdio_probe() function to return the error code
and set sdio->bus only there.

Comment 1 Keith Grant 2026-05-06 18:35:50 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050626-CVE-2026-43144-720d@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.