In the Linux kernel, the following vulnerability has been resolved:
wifi: b43: enforce bounds check on firmware key index in b43_rx()
The firmware-controlled key index in b43rx() can exceed the dev->key[] array size (58 entries). The existing B43WARN_ON is non-enforcing in production builds, allowing an out-of-bounds read.
Make the B43WARNON check enforcing by dropping the frame when the firmware returns an invalid key index.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46122.json",
"cna_assigner": "Linux"
}