CVE-2026-43113

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: wl1251: validate packet IDs before indexing tx_frames<br /> <br /> wl1251_tx_packet_cb() uses the firmware completion ID directly to index<br /> the fixed 16-entry wl-&gt;tx_frames[] array. The ID is a raw u8 from the<br /> completion block, and the callback does not currently verify that it<br /> fits the array before dereferencing it.<br /> <br /> Reject completion IDs that fall outside wl-&gt;tx_frames[] and keep the<br /> existing NULL check in the same guard. This keeps the fix local to the<br /> trust boundary and avoids touching the rest of the completion flow.