{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43144","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:55.989Z","datePublished":"2026-05-06T11:27:28.220Z","dateUpdated":"2026-05-11T22:18:36.548Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:18:36.548Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: Fix potential kernel oops when probe fails\n\nWhen probe of the sdio brcmfmac device fails for some reasons (i.e.\nmissing firmware), the sdiodev->bus is set to error instead of NULL, thus\nthe cleanup later in brcmf_sdio_remove() tries to free resources via\ninvalid bus pointer. This happens because sdiodev->bus is set 2 times:\nfirst in brcmf_sdio_probe() and second time in brcmf_sdiod_probe(). Fix\nthis by chaning the brcmf_sdio_probe() function to return the error code\nand set sdio->bus only there."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c","drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c","drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.h"],"versions":[{"version":"0ff0843310b74e565901d85f849fb308c3b1f220","lessThan":"64ccb0aac41c5055780c2a58bbe2c1b362ceccde","status":"affected","versionType":"git"},{"version":"0ff0843310b74e565901d85f849fb308c3b1f220","lessThan":"379aac7ee8240848aa35f605b06addb4617c863e","status":"affected","versionType":"git"},{"version":"0ff0843310b74e565901d85f849fb308c3b1f220","lessThan":"243307a0d1b0d01538e202c00454c28b21d4432e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c","drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c","drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.h"],"versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","status":"unaffected","versionType":"semver"},{"version":"6.18.16","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.6","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.19.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/64ccb0aac41c5055780c2a58bbe2c1b362ceccde"},{"url":"https://git.kernel.org/stable/c/379aac7ee8240848aa35f605b06addb4617c863e"},{"url":"https://git.kernel.org/stable/c/243307a0d1b0d01538e202c00454c28b21d4432e"}],"title":"wifi: brcmfmac: Fix potential kernel oops when probe fails","x_generator":{"engine":"bippy-1.2.0"}}}}