-

CVE-2025-68255

EPSS 0.05%
Veröffentlicht 16.12.2025 14:44:58
Zuletzt bearbeitet 19.01.2026 13:16:09
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing

The Supported Rates IE length from an incoming Association Request frame
was used directly as the memcpy() length when copying into a fixed-size
16-byte stack buffer (supportRate). A malicious station can advertise an
IE length larger than 16 bytes, causing a stack buffer overflow.

Clamp ie_len to the buffer size before copying the Supported Rates IE,
and correct the bounds check when merging Extended Supported Rates to
prevent a second potential overflow.

This prevents kernel stack corruption triggered by malformed association
requests.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 49b7806851f93fd342838c93f4f765e0cc5029b0

Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b

Status affected

Version < 4445adedae770037078803d1ce41f9e88a1944b6

Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b

Status affected

Version < d129dc2a5d59b4d9cd2cc0b6eeb04df8461199f0

Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b

Status affected

Version < 34620eb602aa432f090b2b784ee5c5070fb16cf9

Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b

Status affected

Version < 61871c83259a511980ec2664964cecc69005398b

Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b

Status affected

Version < 25411f5fcf5743131158f337c99c2bbf3f8477f5

Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b

Status affected

Version < e841d8ea722315b781c4fc5bf4f7670fbca88875

Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b

Status affected

Version < 6ef0e1c10455927867cac8f0ed6b49f328f8cf95

Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.12

Status affected

Version < 4.12

Version 0

Status unaffected

Version <= 5.10.*

Version 5.10.248

Status unaffected

Version <= 5.15.*

Version 5.15.198

Status unaffected

Version <= 6.1.*

Version 6.1.160

Status unaffected

Version <= 6.6.*

Version 6.6.120

Status unaffected

Version <= 6.12.*

Version 6.12.62

Status unaffected

Version <= 6.17.*

Version 6.17.12

Status unaffected

Version <= 6.18.*

Version 6.18.1

Status unaffected

Version <= *

Version 6.19-rc1

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.155

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/61871c83259a511980ec2664964cecc69005398b

https://git.kernel.org/stable/c/25411f5fcf5743131158f337c99c2bbf3f8477f5

https://git.kernel.org/stable/c/e841d8ea722315b781c4fc5bf4f7670fbca88875

https://git.kernel.org/stable/c/6ef0e1c10455927867cac8f0ed6b49f328f8cf95

https://git.kernel.org/stable/c/34620eb602aa432f090b2b784ee5c5070fb16cf9

https://git.kernel.org/stable/c/d129dc2a5d59b4d9cd2cc0b6eeb04df8461199f0

https://git.kernel.org/stable/c/4445adedae770037078803d1ce41f9e88a1944b6

https://git.kernel.org/stable/c/49b7806851f93fd342838c93f4f765e0cc5029b0

https://nvd.nist.gov/vuln/detail/CVE-2025-68255

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68255

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68255

EUVD