PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43387 Linux CVE debrief

This CVE covers an out-of-bounds read in the rtl8723bs staging driver of the Linux kernel. The flaw is in `rtw_get_ie_ex()`, which walked the information elements of wireless frame data using each element's length field without first checking that the field, and the element body it describes, lie inside the buffer. The fix mirrors the earlier correction to the related `rtw_get_ie()` in commit 154828bf9559. Affected kernels run from 4.12 through the 7.0 release candidates before 7.0-rc4. The attack vector is local and the impact is availability only, i.e. denial of service. The fix adds the missing length validation before the frame data is acted on.

Vendor
Linux
Product
Linux kernel (rtl8723bs staging driver)
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-05-26
Advisory published
2026-05-08
Advisory updated
2026-05-26

Who should care

Anyone running Linux on hardware with a Realtek RTL8723BS SDIO WiFi chip, which mostly means embedded and IoT deployments. Administrators maintaining kernels in the affected version ranges, and distributions that ship the rtl8723bs staging driver (as a module or built in), should track the fix. A system on which the driver is neither built in nor loaded does not expose the vulnerable code path.

Technical summary

The vulnerable function is `rtw_get_ie_ex()` in the rtl8723bs staging driver, the driver for Realtek's RTL8723BS SDIO WiFi chip. It parses 802.11 information elements (each a type byte, a length byte and a body) from wireless frame data and used the length field without adequate validation, so a malformed or truncated element can make it read past the end of the buffer. The fix adds bounds checks before the frame data is processed, following the pattern of the earlier correction to the related `rtw_get_ie()`. Because the chip is SDIO-attached, the driver is found mostly in embedded systems and IoT devices.
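To make the bug class concrete, the following is an added example written for this debrief; it is not the driver's code and does not reproduce the actual patch. It is modelled on the shape of `rtw_get_ie_ex()`, which searches a run of 802.11 information elements (1-byte ID, 1-byte length, body) for a given element ID whose body begins with a given vendor OUI. The unchecked walker trusts the length and OUI bytes before checking that they are inside `in_len`, which is the pattern described above; the checked walker proves every read in range first and stops on a malformed element. All function names, the sample element bytes, the OUI AA:BB:CC and the offset-tracking instrumentation are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Highest offset touched by the last walk (demo instrumentation only; it lets
 * the example observe an over-read instead of crashing on it). */
static size_t g_max_off;

static uint8_t rd(const uint8_t *p, size_t off)
{
    if (off > g_max_off) g_max_off = off;
    return p[off];
}

/* Compare oui_len bytes at in[off..] with oui, reading through rd(). */
static int oui_matches(const uint8_t *in, size_t off, const uint8_t *oui, size_t oui_len)
{
    size_t i;
    for (i = 0; i < oui_len; i++)
        if (rd(in, off + i) != oui[i]) return 0;
    return 1;
}

/* Unchecked walker with the shape of the bug: it reads each element's length
 * byte and OUI bytes before proving they lie inside in_len, so a frame that
 * ends right after an element ID byte pushes both reads past the buffer. */
static const uint8_t *find_ie_unchecked(const uint8_t *in, size_t in_len, uint8_t eid,
                                        const uint8_t *oui, size_t oui_len)
{
    size_t cnt = 0;
    g_max_off = 0;
    while (cnt < in_len) {
        uint8_t id = rd(in, cnt);
        size_t elen = rd(in, cnt + 1);            /* cnt + 1 may equal in_len */
        if (id == eid && oui_matches(in, cnt + 2, oui, oui_len))
            return in + cnt;
        cnt += 2 + elen;                          /* frame-controlled stride */
    }
    return NULL;
}

/* Checked walker: the 2-byte header must fit, then the body must fit in what
 * remains, before anything is read or acted on; a malformed element ends the
 * walk instead of being stepped over. */
static const uint8_t *find_ie_checked(const uint8_t *in, size_t in_len, uint8_t eid,
                                      const uint8_t *oui, size_t oui_len, size_t *ielen_out)
{
    size_t cnt = 0;
    g_max_off = 0;
    while (cnt + 2 <= in_len) {
        uint8_t id = rd(in, cnt);
        size_t elen = rd(in, cnt + 1);
        if (elen > in_len - cnt - 2)              /* body would overrun */
            return NULL;
        if (id == eid && oui_len <= elen && oui_matches(in, cnt + 2, oui, oui_len)) {
            if (ielen_out) *ielen_out = elen + 2;
            return in + cnt;
        }
        cnt += 2 + elen;
    }
    return NULL;
}

/* Constructed sample: SSID element, then a vendor element (ID 0xDD) whose body
 * starts with the arbitrary OUI AA:BB:CC. truncated_ies is the same data cut to
 * TRUNC_LEN bytes, ending on the vendor ID byte; the zero slack after it exists
 * only so the unchecked walk in this demo reads zeros instead of faulting. */
#define TRUNC_LEN 7
static const uint8_t good_ies[] = { 0x00, 0x04, 't', 'e', 's', 't',
                                    0xDD, 0x05, 0xAA, 0xBB, 0xCC, 0x01, 0x02 };
static const uint8_t truncated_ies[TRUNC_LEN + 8] = { 0x00, 0x04, 't', 'e', 's', 't', 0xDD };
static const uint8_t vendor_oui[3] = { 0xAA, 0xBB, 0xCC };

/* Well-formed input: both walkers return the vendor element at offset 6. */
long demo_well_formed(void)
{
    size_t ielen = 0;
    const uint8_t *a = find_ie_unchecked(good_ies, sizeof good_ies, 0xDD, vendor_oui, 3);
    const uint8_t *b = find_ie_checked(good_ies, sizeof good_ies, 0xDD, vendor_oui, 3, &ielen);
    return (a && a == b && ielen == 7) ? (long)(a - good_ies) : -1;
}

/* Truncated input: highest offset the unchecked walker read. Anything at or
 * above TRUNC_LEN is an out-of-bounds read (length byte at 7, OUI byte at 8). */
size_t demo_unchecked_overread(void)
{
    find_ie_unchecked(truncated_ies, TRUNC_LEN, 0xDD, vendor_oui, 3);
    return g_max_off;
}

/* Truncated input: the checked walker finds nothing and stays in bounds. */
int demo_checked_in_bounds(void)
{
    const uint8_t *p = find_ie_checked(truncated_ies, TRUNC_LEN, 0xDD, vendor_oui, 3, NULL);
    return p == NULL && g_max_off < TRUNC_LEN;
}

int main(void)
{
    printf("vendor IE offset: %ld\n", demo_well_formed());
    printf("unchecked walk on truncated frame: max offset %zu, len %d\n", demo_unchecked_overread(), TRUNC_LEN);
    printf("checked walk stayed in bounds: %d\n", demo_checked_in_bounds());
    return 0;
}
```

On the truncated frame the unchecked walker's last reads land at offsets 7 and 8 of a 7-byte buffer; in a kernel that is a read of whatever follows the frame in memory, which is the availability impact the CVSS vector scores. The checked walker rejects an element whose declared length overruns the buffer instead of clamping it: silently truncating would let a malformed frame steer the rest of the parse.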

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates to patched versions: 5.10.253 or later, 5.15.203 or later, 6.1.167 or later, 6.6.130 or later, 6.12.78 or later, 6.18.19 or later, 6.19.9 or later, or 7.0-rc4 or later
  • Verify the running kernel version (`uname -r`) on systems that use the rtl8723bs driver. Distribution kernels frequently backport fixes without changing the upstream version number, so treat the version list above as a guide and confirm against the distribution's own advisory or changelog
  • Monitor vendor security advisories for distribution-specific kernel updates
  • Consider disabling the rtl8723bs driver where the hardware is not needed (blacklist the module, or rebuild without CONFIG_RTL8723BS if it is built in) until a patched kernel can be applied
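The version check and the module check from the list above, as an added POSIX sh example written for this debrief (not the advisory's or the kernel project's code). It classifies a kernel version string against the fixed releases listed, reports whether the driver module is loaded, and prints the modprobe.d fragment that blocks it. Function and variable names are the example's own; r8723bs is the module name the rtl8723bs staging driver builds as, and the distro-backport caveat in the comments is the reason the version verdict alone is not conclusive.

```sh
#!/bin/sh
# Added example for this debrief (not the advisory's or the kernel's code):
# classify a kernel version against the fixed releases listed above, check
# whether the driver is loaded, and print the fragment that blocks it.
# Pure POSIX sh; no sort -V or other GNU-only tools.

# Fixed stable releases from the advisory; 7.0-rc4 is handled separately
# because release candidates carry no patch level.
FIXED_RELEASES="5.10.253 5.15.203 6.1.167 6.6.130 6.12.78 6.18.19 6.19.9"

# rtl8723bs_kernel_status VERSION
# Exit status 0: at or above the fixed release for its branch.
#             1: below it.
#             2: branch not in the list, cannot judge from the version alone.
# Distro suffixes (6.6.120-1-generic, 6.1.0+) are stripped. A distro kernel
# that backports the fix without bumping the upstream version is reported as
# 1, so confirm such cases against the distribution's advisory.
rtl8723bs_kernel_status() {
    case $1 in
        7.0-rc*)
            rc=${1#7.0-rc}; rc=${rc%%[!0-9]*}
            [ "${rc:-0}" -ge 4 ] && return 0
            return 1 ;;
    esac
    v=${1%%-*}; v=${v%%+*}
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; *) patch=0 ;; esac
    case $patch in ''|*[!0-9]*) patch=0 ;; esac   # "6.6" or junk: no patch level
    for f in $FIXED_RELEASES; do
        fmaj=${f%%.*}; frest=${f#*.}
        fmin=${frest%%.*}; fpat=${frest#*.}
        if [ "$major" = "$fmaj" ] && [ "$minor" = "$fmin" ]; then
            [ "$patch" -ge "$fpat" ] && return 0
            return 1
        fi
    done
    return 2
}

# Is the driver loaded as a module right now? /proc/modules lists loaded
# modules one per line, name first; r8723bs is the name the rtl8723bs staging
# driver builds as. A built-in driver does not appear here (check the kernel
# config for CONFIG_RTL8723BS instead).
rtl8723bs_loaded() {
    [ -r /proc/modules ] && grep -q '^r8723bs ' /proc/modules
}

# modprobe.d fragment that keeps the module from loading until the kernel is
# updated; write it to /etc/modprobe.d/ and regenerate the initramfs if the
# module is packed into it.
rtl8723bs_blacklist_fragment() {
    printf '%s\n' 'blacklist r8723bs' 'install r8723bs /bin/false'
}

# Stand-alone use: report on the running kernel.
report_running_kernel() {
    ver=$(uname -r)
    rtl8723bs_kernel_status "$ver" && st=0 || st=$?
    case $st in
        0) printf '%s: at or above the fixed release for its branch\n' "$ver" ;;
        1) printf '%s: below the fixed release; check distro backports\n' "$ver" ;;
        *) printf '%s: branch not in the advisory list; check manually\n' "$ver" ;;
    esac
    if rtl8723bs_loaded; then
        printf 'r8723bs is loaded; to block it until patched:\n'
        rtl8723bs_blacklist_fragment
    fi
    return 0
}

report_running_kernel
```

The status-2 outcome matters as much as the others: a branch the advisory does not list (for example a vendor or long-term kernel outside the stable series named above) is not known to be safe, only unclassified, and needs a look at the kernel's own changelog for the fix.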

Evidence notes

The vulnerability description references commit 154828bf9559 as the comparable prior fix for `rtw_get_ie()`. The NVD record lists affected Linux kernel versions from 4.12 through 7.0-rc3 across multiple stable branches. Eight patch commits from the kernel.org stable repositories are referenced, the same number as the fixed releases listed above. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) reads as: local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, and high availability impact.

Official resources

2026-05-08