CVE-2026-43213

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: rtw89: pci: validate sequence number of TX release report<br /> <br /> Hardware rarely reports abnormal sequence number in TX release report,<br /> which will access out-of-bounds of wd_ring-&gt;pages array, causing NULL<br /> pointer dereference.<br /> <br /> BUG: kernel NULL pointer dereference, address: 0000000000000000<br /> #PF: supervisor read access in kernel mode<br /> #PF: error_code(0x0000) - not-present page<br /> PGD 0 P4D 0<br /> Oops: 0000 [#1] PREEMPT SMP NOPTI<br /> CPU: 1 PID: 1085 Comm: irq/129-rtw89_p Tainted: G S U<br /> 6.1.145-17510-g2f3369c91536 #1 (HASH:69e8 1)<br /> Call Trace:<br /> <br /> rtw89_pci_release_tx+0x18f/0x300 [rtw89_pci (HASH:4c83 2)]<br /> rtw89_pci_napi_poll+0xc2/0x190 [rtw89_pci (HASH:4c83 2)]<br /> net_rx_action+0xfc/0x460 net/core/dev.c:6578 net/core/dev.c:6645 net/core/dev.c:6759<br /> handle_softirqs+0xbe/0x290 kernel/softirq.c:601<br /> ? rtw89_pci_interrupt_threadfn+0xc5/0x350 [rtw89_pci (HASH:4c83 2)]<br /> __local_bh_enable_ip+0xeb/0x120 kernel/softirq.c:499 kernel/softirq.c:423<br /> <br /> <br /> rtw89_pci_interrupt_threadfn+0xf8/0x350 [rtw89_pci (HASH:4c83 2)]<br /> ? irq_thread+0xa7/0x340 kernel/irq/manage.c:0<br /> irq_thread+0x177/0x340 kernel/irq/manage.c:1205 kernel/irq/manage.c:1314<br /> ? thaw_kernel_threads+0xb0/0xb0 kernel/irq/manage.c:1202<br /> ? irq_forced_thread_fn+0x80/0x80 kernel/irq/manage.c:1220<br /> kthread+0xea/0x110 kernel/kthread.c:376<br /> ? synchronize_irq+0x1a0/0x1a0 kernel/irq/manage.c:1287<br /> ? kthread_associate_blkcg+0x80/0x80 kernel/kthread.c:331<br /> ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295<br /> <br /> <br /> To prevent crash, validate rpp_info.seq before using.