PatchSiren cyber security CVE debrief
CVE-2026-46305 Linux CVE debrief
A vulnerability has been resolved in the Linux kernel, specifically in the staging: rtl8723bs: os_dep module. The vulnerability is related to a potential NULL pointer dereference in the rtw_cbuf_alloc function. The issue arises from the return value of kzalloc_flex() being used without ensuring that the allocation succeeded, and the pointer being dereferenced unconditionally. To mitigate this vulnerability, it is recommended to guard the access to the allocated structure to avoid a potential NULL pointer dereference if the allocation fails.
- Vendor: Linux
- Product: Unknown
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-08
Who should care
Users of the Linux kernel, particularly those using the rtl8723bs module, should be aware of this vulnerability and take necessary precautions.
Technical summary
The vulnerability is caused by a NULL pointer dereference in the rtw_cbuf_alloc function. The function uses the return value of kzalloc_flex() without checking if the allocation was successful, leading to a potential NULL pointer dereference.
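The unchecked pattern described above, next to a guarded form, as an added userspace example (not the kernel's code or the upstream patch). The names cbuf_model, model_zalloc_flex, force_alloc_failure and both cbuf_alloc_* functions are hypothetical; a calloc wrapper stands in for kzalloc_flex(), and its overflow check is an assumption of this model.

```c
#include <stdint.h>
#include <stdlib.h>

/* Userspace model: a circular-buffer header followed by a flexible array. */
struct cbuf_model {
	uint32_t write;
	uint32_t read;
	uint32_t size;
	void *bufs[];	/* flexible array member */
};

/* Hypothetical test hook: when nonzero, the allocator reports failure. */
static int force_alloc_failure;

/* Stand-in for a zeroing flex-array allocator. Returns NULL on failure or
 * when hdr + count * elem would overflow size_t (assumption of this model). */
static void *model_zalloc_flex(size_t hdr, size_t elem, size_t count)
{
	if (force_alloc_failure)
		return NULL;
	if (count > (SIZE_MAX - hdr) / elem)
		return NULL;
	return calloc(1, hdr + count * elem);
}

/* Pattern from the advisory: the result is dereferenced unconditionally.
 * If the allocation fails, the store below writes through a NULL pointer. */
struct cbuf_model *cbuf_alloc_unchecked(uint32_t size)
{
	struct cbuf_model *cbuf =
		model_zalloc_flex(sizeof(*cbuf), sizeof(void *), size);

	cbuf->size = size;	/* NULL dereference when allocation failed */
	return cbuf;
}

/* Guarded form: touch the structure only after the allocation succeeded
 * and return NULL so the caller can handle the failure. */
struct cbuf_model *cbuf_alloc_guarded(uint32_t size)
{
	struct cbuf_model *cbuf =
		model_zalloc_flex(sizeof(*cbuf), sizeof(void *), size);

	if (!cbuf)
		return NULL;
	cbuf->size = size;
	return cbuf;
}
```

Callers of the guarded form still have to check the returned pointer before using the buffer.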
Defensive priority
Medium
Recommended defensive actions
- Apply the patch from the Linux kernel repository to fix the vulnerability.
Evidence notes
The vulnerability has been resolved in the Linux kernel repository.
Official resources
- CVE-2026-46305 CVE record (CVE.org)
- CVE-2026-46305 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
- Source reference (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
CVE-2026-46305 was published on 2026-06-08 and modified on 2026-06-08.