CVE-2026-46305 PUBLISHED

staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc

Assigner: Linux
Reserved: 13.05.2026 Published: 08.06.2026 Updated: 14.06.2026

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc

The return value of kzalloc_flex() is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally.

Guard the access to the allocated structure to avoid a potential NULL pointer dereference if the allocation fails.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 980cd426a25747daf8ed25e2a1904b2d26ffbb3d to 0a5f411becfb7c57aa89827213d31ef23a03d75a (excl.)
  • affected from 980cd426a25747daf8ed25e2a1904b2d26ffbb3d to bc851db06045a40c18233dd76ef0562d7f8bb6db (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 7.0 is affected
  • unaffected from 0 to 7.0 (excl.)
  • unaffected from 7.0.7 to 7.0.* (incl.)
  • unaffected from 7.1 to * (incl.)

References