Skip to content
Threat Feed
high advisory

CVE-2026-46163 wifi: b43legacy Firmware Key Index Vulnerability

CVE-2026-46163 is a vulnerability in the b43legacy WiFi driver related to a missing bounds check on the firmware key index in the RX path, potentially leading to memory corruption.

CVE-2026-46163 involves a security flaw within the b43legacy WiFi driver, specifically regarding the handling of firmware key indices during RX (receive) operations. The vulnerability stems from the absence of proper bounds checking on the firmware key index before it’s used to access memory. This oversight could allow an attacker to potentially read from or write to arbitrary memory locations, leading to denial-of-service, information disclosure, or potentially arbitrary code execution. Due to the low-level nature of the vulnerability, successful exploitation could have significant impact on the system’s stability and security. This vulnerability impacts systems utilizing the affected WiFi driver.

Attack Chain

  1. An attacker sends a maliciously crafted WiFi packet to the target device.
  2. The device’s WiFi adapter receives the packet and passes it to the b43legacy driver.
  3. The driver attempts to process the received packet, including decrypting it using a key from the firmware.
  4. Due to the missing bounds check, a crafted packet provides an out-of-bounds key index value.
  5. The driver uses this invalid index to access the firmware key table.
  6. This leads to an out-of-bounds memory access.
  7. The out-of-bounds memory access results in a read or write to an unintended memory location.
  8. Depending on the memory location accessed, the attacker can trigger a denial-of-service condition or potentially execute arbitrary code.

Impact

Successful exploitation of CVE-2026-46163 can result in a denial-of-service condition due to a system crash. In more severe scenarios, an attacker could leverage this vulnerability to gain arbitrary code execution on the target system, potentially leading to complete system compromise. The number of potential victims depends on the prevalence of the vulnerable b43legacy WiFi driver and the attacker’s targeting scope.

Recommendation

  • Apply the security patch released by Microsoft to address CVE-2026-46163 immediately to prevent potential exploitation.
  • Monitor systems using the b43legacy WiFi driver for unusual activity, such as unexpected crashes or memory access violations.
  • Deploy the Sigma rules in this brief to your SIEM to detect potential exploitation attempts.

Detection coverage 2

Detect CVE-2026-46163 Exploitation Attempt - Anomalous Memory Access

high

Detects CVE-2026-46163 exploitation attempt by monitoring for anomalous memory access patterns potentially indicative of an out-of-bounds read or write within the b43legacy driver.

sigma tactics: privilege_escalation techniques: T1068 sources: process_creation, windows

Detect CVE-2026-46163 Exploitation Attempt - Driver Crash

high

Detects CVE-2026-46163 exploitation attempt by detecting abnormal system crashes related to the b43legacy driver

sigma tactics: availability techniques: T1499 sources: system, windows

Detection queries are available on the platform. Get full rules →