1. Home
  2. Vulnerabilities
  3. CVE-2026-31626
7.1
HIGH CVSS 3.1
CVE-2026-31626
staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()
Overview
Description

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using uninitialized data. Smatch warns that only 6 bytes are copied to this 8-byte (u64) variable, leaving the last two bytes uninitialized: drivers/staging/rtl8723bs/core/rtw_security.c:1308 rtw_BIP_verify() warn: not copying enough bytes for '&le_tmp64' (8 vs 6 bytes) Initializing the variable at the start of the function fixes this warning and ensures predictable behavior.

Details
INFO

Published Date :

April 24, 2026, 3:16 p.m.

Last Modified :

June 1, 2026, 5:16 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Impact
Affected Products

The following products are affected by CVE-2026-31626 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
: Total Affected Vendor : 1 | Products : 1
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
Initialize le_tmp64 to zero in rtw_BIP_verify to prevent uninitialized data use.
  • Initialize le_tmp64 to zero in rtw_BIP_verify.
  • Ensure all bytes are copied for le_tmp64.
  • Update the Linux kernel to the latest version.
References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-31626.

URL Resource
https://git.kernel.org/stable/c/51532c7c1d357145f4ac561648499f7a6847f739
https://git.kernel.org/stable/c/6792624d933146e2757b07092e93ad915cb58930
https://git.kernel.org/stable/c/8c964b82a4e97ec7f25e17b803ee196009b38a57 Patch
https://git.kernel.org/stable/c/9e911eead187240193516edf55a0e1ab3425aa5b
https://git.kernel.org/stable/c/b487a7754d874230299d5a9c2710ec4df8b2ed8a Patch
https://git.kernel.org/stable/c/c2026c6b603ebec52f55015496703fe79077accf Patch
https://git.kernel.org/stable/c/c65ee4d3be5df395e48afbcd0946dd5fce4338a9 Patch
https://git.kernel.org/stable/c/d5b8f5f8d6fc09a8af5ed139c688660f578ed732 Patch
https://git.kernel.org/stable/c/ef74ce5f0bc0e53ce702d8a794f3957884a26efc Patch
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-31626 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-31626 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-31626 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-31626 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 01, 2026

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/51532c7c1d357145f4ac561648499f7a6847f739
    Added Reference https://git.kernel.org/stable/c/6792624d933146e2757b07092e93ad915cb58930
    Added Reference https://git.kernel.org/stable/c/9e911eead187240193516edf55a0e1ab3425aa5b
  • Initial Analysis by [email protected]

    Apr. 27, 2026

    Action Type Old Value New Value
    Added CWE CWE-908
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.13 up to (excluding) 6.18.24 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.19 up to (excluding) 6.19.14 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 7.0 up to (excluding) 7.0.1 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.83 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.12 up to (excluding) 6.6.136
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/8c964b82a4e97ec7f25e17b803ee196009b38a57 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/b487a7754d874230299d5a9c2710ec4df8b2ed8a Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/c2026c6b603ebec52f55015496703fe79077accf Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/c65ee4d3be5df395e48afbcd0946dd5fce4338a9 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/d5b8f5f8d6fc09a8af5ed139c688660f578ed732 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/ef74ce5f0bc0e53ce702d8a794f3957884a26efc Types: Patch
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 27, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 27, 2026

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/c65ee4d3be5df395e48afbcd0946dd5fce4338a9
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 27, 2026

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/8c964b82a4e97ec7f25e17b803ee196009b38a57
  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 24, 2026

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using uninitialized data. Smatch warns that only 6 bytes are copied to this 8-byte (u64) variable, leaving the last two bytes uninitialized: drivers/staging/rtl8723bs/core/rtw_security.c:1308 rtw_BIP_verify() warn: not copying enough bytes for '&le_tmp64' (8 vs 6 bytes) Initializing the variable at the start of the function fixes this warning and ensures predictable behavior.
    Added Reference https://git.kernel.org/stable/c/b487a7754d874230299d5a9c2710ec4df8b2ed8a
    Added Reference https://git.kernel.org/stable/c/c2026c6b603ebec52f55015496703fe79077accf
    Added Reference https://git.kernel.org/stable/c/d5b8f5f8d6fc09a8af5ed139c688660f578ed732
    Added Reference https://git.kernel.org/stable/c/ef74ce5f0bc0e53ce702d8a794f3957884a26efc
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 7.1
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact