Linux Kernel RTL8723BS Driver Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's RTL8723BS Wi-Fi driver. This issue arises in the 'find_network' function, where the 'pwlan' variable can be NULL when passed to 'rtw_free_network_nolock()'. The subsequent dereference of 'pwlan' without proper validation can lead to a crash or undefined behavior.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a crash or undefined behavior of the affected system.

Reproduction

The vulnerability can be reproduced by using a Linux kernel version that includes the RTL8723BS staging driver for SDIO Wi-Fi. When the 'find_network' function is called, the 'pwlan' variable may be NULL, allowing for a null pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is '41460a19654c32d39fd0e3a3671cd8d4b7b8479f', which is available in the Linux kernel stable tree.
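The bug class described above and one way to guard against it, as an added simplified model; this is not the driver's code or the upstream patch. The struct layout and the names `model_find`, `model_free_network_nolock`, `find_network_unguarded` and `find_network_guarded` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for a scanned-network entry; the layout is an assumption. */
struct wlan_network { unsigned char mac[6]; int fixed; int in_use; };

/* Lookup that legitimately returns NULL when the MAC is not in the table. */
struct wlan_network *model_find(struct wlan_network *tbl, size_t n,
                                const unsigned char *mac)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].in_use && memcmp(tbl[i].mac, mac, 6) == 0)
            return &tbl[i];
    return NULL;
}

/* Models a free routine that trusts its caller and dereferences at once. */
void model_free_network_nolock(struct wlan_network *pwlan)
{
    if (pwlan->fixed)          /* a NULL pwlan faults on this read */
        return;
    pwlan->in_use = 0;
}

/* Unguarded caller: the lookup result is passed on unchecked. Never called here. */
void find_network_unguarded(struct wlan_network *tbl, size_t n,
                            const unsigned char *mac)
{
    model_free_network_nolock(model_find(tbl, n, mac));
}

/* Guarded caller: returns 1 if an entry was released, 0 if none was found. */
int find_network_guarded(struct wlan_network *tbl, size_t n,
                         const unsigned char *mac)
{
    struct wlan_network *pwlan = model_find(tbl, n, mac);
    if (!pwlan)
        return 0;              /* lookup miss: nothing to free */
    pwlan->fixed = 0;
    model_free_network_nolock(pwlan);
    return 1;
}

int main(void)
{
    /* Constructed sample table and a MAC that is not in it. */
    struct wlan_network tbl[1] = { { {0x02, 0, 0, 0, 0, 0x01}, 1, 1 } };
    const unsigned char absent[6] = {0x02, 0, 0, 0, 0, 0x99};
    return find_network_guarded(tbl, 1, absent);  /* miss handled, no fault */
}
```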

Added: May 6, 2026, 4:08 PM
Updated: May 6, 2026, 4:08 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.