By weakness (CWE)

CWE-129: related vulnerabilities

CVEs classified under CWE-129. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

2 published vulnerabilities

  • CVE-2026-46122HIGH 7.8

    A flaw exists in the Linux kernel's b43 wireless driver that can allow a local attacker to read memory outside the bounds of an internal array. The issue stems from insufficient validation of a firmware-supplied index value used to access encryption keys. When the firmware provides an invalid index—one larger than the 58-entry key array—the driver does not properly reject it in production systems, leading to an out-of-bounds read. An attacker with local system access could exploit this to leak sensitive kernel memory.

  • CVE-2026-46163HIGH 7.8

    A flaw exists in the Linux kernel's b43legacy wireless driver that fails to properly validate array index bounds when processing incoming wireless frames. The firmware supplies a key index value that the driver uses to access a cryptographic key array, but there is no enforcing check to ensure this index stays within valid bounds. In production builds, this allows an attacker with local access to trigger an out-of-bounds memory read by crafting malicious wireless traffic, potentially exposing sensitive kernel memory or causing a system crash.