CVE-2025-68256
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser
The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-byte header) fits inside the remaining frame buffer. A malformed frame can advertise an IE length larger than the available data, causing the parser to increment its pointer beyond the buffer end. This results in out-of-bounds reads or, depending on the pattern, an infinite loop.
Fix by validating that (offset + 2 + len) does not exceed the limit before accepting the IE or advancing to the next element.
This prevents OOB reads and ensures the parser terminates safely on malformed frames.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 554c0a3abf216c991c5ebddcdb2c08689ecd290b < 9829c6e1b2e4180fd18315252ad6faeab6128076 | affected |
| Linux | Linux | 554c0a3abf216c991c5ebddcdb2c08689ecd290b < b977eb31802817f4a37da95bf16bfdaa1eeb5fc2 | affected |
| Linux | Linux | 554c0a3abf216c991c5ebddcdb2c08689ecd290b < 30c558447e90935f0de61be181bbcedf75952e00 | affected |
| Linux | Linux | 554c0a3abf216c991c5ebddcdb2c08689ecd290b < a54e2b2db1b7de2e008b4f62eec35aaefcc663c5 | affected |
| Linux | Linux | 554c0a3abf216c991c5ebddcdb2c08689ecd290b < df191dd9f4c7249d98ada55634fa8ac19089b8cb | affected |
| Linux | Linux | 554c0a3abf216c991c5ebddcdb2c08689ecd290b < c0d93d69e1472ba75b78898979b90a98ba2a2501 | affected |
| Linux | Linux | 554c0a3abf216c991c5ebddcdb2c08689ecd290b < 154828bf9559b9c8421fc2f0d7f7f76b3683aaed | affected |
| Linux | Linux | 4.12 | affected |
| Linux | Linux | 0 < 4.12 | unaffected |
| Linux | Linux | 5.15.203 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.160 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.120 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.62 <= 6.12.* | unaffected |
| Linux | Linux | 6.17.12 <= 6.17.* | unaffected |
| Linux | Linux | 6.18.1 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/9829c6e1b2e4180fd18315252ad6faeab6128076
- https://git.kernel.org/stable/c/b977eb31802817f4a37da95bf16bfdaa1eeb5fc2
- https://git.kernel.org/stable/c/30c558447e90935f0de61be181bbcedf75952e00
- https://git.kernel.org/stable/c/a54e2b2db1b7de2e008b4f62eec35aaefcc663c5
- https://git.kernel.org/stable/c/df191dd9f4c7249d98ada55634fa8ac19089b8cb
- https://git.kernel.org/stable/c/c0d93d69e1472ba75b78898979b90a98ba2a2501
- https://git.kernel.org/stable/c/154828bf9559b9c8421fc2f0d7f7f76b3683aaed
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.