Cyber Resilience

CVE-2026-31626

High · Updated

Published: 24 April 2026

Modified: 01 June 2026
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
EPSS Score: 0.0006 (18.9th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-31626 is a high-severity Use of Uninitialized Resource (CWE-908) vulnerability in the Linux kernel. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 18.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-7 (Least Functionality).

Deeper analysis

CVE-2026-31626 affects the Linux kernel's staging rtl8723bs driver, specifically the rtw_BIP_verify() function in drivers/staging/rtl8723bs/core/rtw_security.c. The vulnerability stems from the failure to initialize the 8-byte u64 variable le_tmp64 to zero before use; only 6 bytes are copied into it, leaving the last two bytes uninitialized. This issue, flagged by the Smatch static analysis tool, constitutes a CWE-908 (Use of Uninitialized Resource) and carries a CVSS v3.1 base score of 7.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).

An attacker with adjacent network access can exploit this vulnerability with low complexity, no privileges, and no user interaction required. Exploitation involves triggering rtw_BIP_verify() with crafted input that leads to the use of uninitialized data in le_tmp64, potentially resulting in low integrity impact and high availability impact, such as denial of service, while confidentiality remains unaffected.

Mitigation is achieved by applying upstream patches in stable kernel branches, which initialize le_tmp64 to zero at the start of rtw_BIP_verify() to eliminate the uninitialized data usage and ensure predictable behavior. Relevant commits include 8c964b82a4e97ec7f25e17b803ee196009b38a57, b487a7754d874230299d5a9c2710ec4df8b2ed8a, c2026c6b603ebec52f55015496703fe79077accf, c65ee4d3be5df395e48afbcd0946dd5fce4338a9, and d5b8f5f8d6fc09a8af5ed139c688660f578ed732.
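The 6-of-8-byte copy described above, as an added userspace sketch (not the kernel's code and not from the upstream commits). The function names are hypothetical, the little-endian decode is an assumption suggested by the variable name, and prior_contents stands in for whatever the unzeroed storage previously held.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode 8 object bytes as little-endian regardless of host byte order
 * (stands in for the kernel's le64_to_cpu(); an assumption of this sketch). */
static uint64_t le64_decode(const void *obj)
{
    uint8_t b[8];
    uint64_t v = 0;

    memcpy(b, obj, sizeof(b));
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | b[i];
    return v;
}

/* Pre-fix pattern. Reading a truly uninitialized variable is undefined
 * behaviour, so prior_contents models whatever the storage held before. */
uint64_t read_field_unpatched(const uint8_t field6[6], uint64_t prior_contents)
{
    uint64_t le_tmp64 = prior_contents;

    memcpy(&le_tmp64, field6, 6);   /* bytes 6..7 keep the old contents */
    return le64_decode(&le_tmp64);
}

/* Patched pattern: zero first, then copy the 6 bytes. */
uint64_t read_field_patched(const uint8_t field6[6])
{
    uint64_t le_tmp64 = 0;

    memcpy(&le_tmp64, field6, 6);
    return le64_decode(&le_tmp64);
}

int main(void)
{
    /* Constructed sample: a 6-byte field encoding the value 1. */
    const uint8_t field6[6] = { 0x01, 0, 0, 0, 0, 0 };

    printf("patched:            0x%016" PRIx64 "\n", read_field_patched(field6));
    printf("unpatched, stale 0: 0x%016" PRIx64 "\n",
           read_field_unpatched(field6, 0));
    printf("unpatched, stale F: 0x%016" PRIx64 "\n",
           read_field_unpatched(field6, UINT64_MAX));
    return 0;
}
```

The unpatched result matches the patched one only when the stale bytes happen to be zero, which is why the defect can stay hidden in testing and why Smatch reports it statically.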

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()

Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using uninitialized data.

Smatch warns that only 6 bytes are copied to this 8-byte (u64) variable, leaving the last two bytes uninitialized:

drivers/staging/rtl8723bs/core/rtw_security.c:1308 rtw_BIP_verify() warn: not copying enough bytes for '&le_tmp64' (8 vs 6 bytes)

Initializing the variable at the start of the function fixes this warning and ensures predictable behavior.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation · Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Uninitialized variable use in WiFi driver (rtw_BIP_verify) allows adjacent attacker to send crafted 802.11 frames triggering kernel DoS (A:H impact); directly maps to application/system exploitation for endpoint denial of service.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23003 · Same product: Linux Linux Kernel
CVE-2024-57910 · Same product: Linux Linux Kernel
CVE-2026-23388 · Same product: Linux Linux Kernel
CVE-2026-23242 · Same product: Linux Linux Kernel
CVE-2026-22991 · Same product: Linux Linux Kernel
CVE-2024-57912 · Same product: Linux Linux Kernel
CVE-2025-21717 · Same product: Linux Linux Kernel
CVE-2026-23459 · Same product: Linux Linux Kernel
CVE-2026-31693 · Same product: Linux Linux Kernel
CVE-2026-31640 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
4.12 — 6.6.136 · 6.7 — 6.12.83 · 6.13 — 6.18.24

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Remediating the identified flaw by applying kernel patches that initialize le_tmp64 directly prevents use of uninitialized data in rtw_BIP_verify().

prevent · detect

Vulnerability scanning detects kernels affected by CVE-2026-31626 and triggers remediation to patch the uninitialized resource flaw.

prevent

Configuring systems to least functionality by disabling non-essential staging drivers like rtl8723bs prevents exposure to this vulnerability.
