2467150 – (CVE-2026-43176) CVE-2026-43176 kernel: wifi: rtw89: pci: validate release report content before using for RTL8922DE

Bug 2467150 (CVE-2026-43176) - CVE-2026-43176 kernel: wifi: rtw89: pci: validate release report content before using for RTL8922DE

Summary: CVE-2026-43176 kernel: wifi: rtw89: pci: validate release report content befo...

Keywords:
Status:	NEW
Alias:	CVE-2026-43176
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-06 13:07 UTC by OSIDB Bzimport
Modified:	2026-05-06 20:07 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-06 13:07:04 UTC

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: pci: validate release report content before using for RTL8922DE

The commit 957eda596c76
("wifi: rtw89: pci: validate sequence number of TX release report")
does validation on existing chips, which somehow a release report of SKB
becomes malformed. As no clear cause found, add rules ahead for RTL8922DE
to avoid crash if it happens.

Comment 1 Keith Grant 2026-05-06 20:05:19 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050637-CVE-2026-43176-c8ee@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.