Cyber Resilience

CVE-2026-46163

HighUpdated

Published: 28 May 2026

Published
28 May 2026
Modified
10 June 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0014 3.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-46163 is a high-severity Improper Validation of Array Index (CWE-129) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43legacy_rx() can exceed dev->max_nr_keys. The existing B43legacy_WARN_ON is non-enforcing…

more

in production builds, allowing an out-of-bounds read of dev->key[]. Make the check enforcing by dropping the frame for invalid indices.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

OOB read on firmware key array in kernel driver enables kernel exploitation for privilege escalation (T1068) and potential credential/key disclosure (T1212).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

Affected Assets

linux
linux kernel
7.1 · 2.6.24 — 5.10.258 · 5.11 — 5.15.209 · 5.16 — 6.1.175

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References