CVE-2026-31626

Source
https://cve.org/CVERecord?id=CVE-2026-31626
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31626.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-31626
Published
2026-04-24T14:42:47.493Z
Modified
2026-06-18T03:57:25.997476679Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()

Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using uninitialized data.

Smatch warns that only 6 bytes are copied to this 8-byte (u64) variable, leaving the last two bytes uninitialized:

drivers/staging/rtl8723bs/core/rtw_security.c:1308 rtw_BIP_verify() warn: not copying enough bytes for '&le_tmp64' (8 vs 6 bytes)

Initializing the variable at the start of the function fixes this warning and ensures predictable behavior.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31626.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
554c0a3abf216c991c5ebddcdb2c08689ecd290b
Fixed
6792624d933146e2757b07092e93ad915cb58930
Fixed
51532c7c1d357145f4ac561648499f7a6847f739
Fixed
9e911eead187240193516edf55a0e1ab3425aa5b
Fixed
c65ee4d3be5df395e48afbcd0946dd5fce4338a9
Fixed
d5b8f5f8d6fc09a8af5ed139c688660f578ed732
Fixed
b487a7754d874230299d5a9c2710ec4df8b2ed8a
Fixed
c2026c6b603ebec52f55015496703fe79077accf
Fixed
ef74ce5f0bc0e53ce702d8a794f3957884a26efc
Fixed
8c964b82a4e97ec7f25e17b803ee196009b38a57

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31626.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type        Introduced   Fixed
ECOSYSTEM   4.12.0       5.10.258
ECOSYSTEM   5.11.0       5.15.209
ECOSYSTEM   5.16.0       6.1.175
ECOSYSTEM   6.2.0        6.6.136
ECOSYSTEM   6.7.0        6.12.83
ECOSYSTEM   6.13.0       6.18.24
ECOSYSTEM   6.19.0       6.19.14
ECOSYSTEM   6.20.0       7.0.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31626.json"