HOMEVULNERABILITIESCVE-2026-43213
HIGH

CVE-2026-43213

Published: May 6, 2026· Updated: May 11, 2026

7.5
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:4.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: pci: validate sequence number of TX release report

Hardware rarely reports abnormal sequence number in TX release report,

which will access out-of-bounds of wd_ring->pages array, causing NULL

pointer dereference.

BUG: kernel NULL pointer dereference, address: 0000000000000000

#PF: supervisor read access in kernel mode

#PF: error_code(0x0000) - not-present page

PGD 0 P4D 0

Oops: 0000 [#1] PREEMPT SMP NOPTI

CPU: 1 PID: 1085 Comm: irq/129-rtw89_p Tainted: G S U

6.1.145-17510-g2f3369c91536 #1 (HASH:69e8 1)

Call Trace:

<IRQ>

rtw89_pci_release_tx+0x18f/0x300 [rtw89_pci (HASH:4c83 2)]

rtw89_pci_napi_poll+0xc2/0x190 [rtw89_pci (HASH:4c83 2)]

net_rx_action+0xfc/0x460 net/core/dev.c:6578 net/core/dev.c:6645 net/core/dev.c:6759

handle_softirqs+0xbe/0x290 kernel/softirq.c:601

? rtw89_pci_interrupt_threadfn+0xc5/0x350 [rtw89_pci (HASH:4c83 2)]

__local_bh_enable_ip+0xeb/0x120 kernel/softirq.c:499 kernel/softirq.c:423

</IRQ>

<TASK>

rtw89_pci_interrupt_threadfn+0xf8/0x350 [rtw89_pci (HASH:4c83 2)]

? irq_thread+0xa7/0x340 kernel/irq/manage.c:0

irq_thread+0x177/0x340 kernel/irq/manage.c:1205 kernel/irq/manage.c:1314

? thaw_kernel_threads+0xb0/0xb0 kernel/irq/manage.c:1202

? irq_forced_thread_fn+0x80/0x80 kernel/irq/manage.c:1220

kthread+0xea/0x110 kernel/kthread.c:376

? synchronize_irq+0x1a0/0x1a0 kernel/irq/manage.c:1287

? kthread_associate_blkcg+0x80/0x80 kernel/kthread.c:331

ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295

</TASK>

To prevent crash, validate rpp_info.seq before using.

NVD Source

Technical Analysis

CVE-2026-43213 requires adjacent network access, limiting remote exploitation but still posing risk in shared or local network environments.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorAdjacent
Attack ComplexityHigh
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Linux1 product
linux kernel
Source: NVD CPE · 1 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (3)

Quick Facts

CVE IDCVE-2026-43213
CVSS Score7.5 / 10
SeverityHIGH
CISA KEVNo
EPSS (30d)0.02%
Affected1 vendor
PublishedMay 6, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43213 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.