-

CVE-2025-68256

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser

The Information Element (IE) parser rtw_get_ie() trusted the length
byte of each IE without validating that the IE body (len bytes after
the 2-byte header) fits inside the remaining frame buffer. A malformed
frame can advertise an IE length larger than the available data, causing
the parser to increment its pointer beyond the buffer end. This results
in out-of-bounds reads or, depending on the pattern, an infinite loop.

Fix by validating that (offset + 2 + len) does not exceed the limit
before accepting the IE or advancing to the next element.

This prevents OOB reads and ensures the parser terminates safely on
malformed frames.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < b977eb31802817f4a37da95bf16bfdaa1eeb5fc2
Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b
Status affected
Version < 30c558447e90935f0de61be181bbcedf75952e00
Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b
Status affected
Version < a54e2b2db1b7de2e008b4f62eec35aaefcc663c5
Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b
Status affected
Version < df191dd9f4c7249d98ada55634fa8ac19089b8cb
Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b
Status affected
Version < c0d93d69e1472ba75b78898979b90a98ba2a2501
Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b
Status affected
Version < 154828bf9559b9c8421fc2f0d7f7f76b3683aaed
Version 554c0a3abf216c991c5ebddcdb2c08689ecd290b
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 4.12
Status affected
Version < 4.12
Version 0
Status unaffected
Version <= 6.1.*
Version 6.1.160
Status unaffected
Version <= 6.6.*
Version 6.6.120
Status unaffected
Version <= 6.12.*
Version 6.12.62
Status unaffected
Version <= 6.17.*
Version 6.17.12
Status unaffected
Version <= 6.18.*
Version 6.18.1
Status unaffected
Version <= *
Version 6.19-rc1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.098
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.