CVE-2025-68254
staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
The Extended Supported Rates (ESR) IE handling in OnBeacon accessed
*(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these
offsets lie within the received frame buffer. A malformed beacon with
an ESR IE positioned at the end of the buffer could cause an
out-of-bounds read, potentially triggering a kernel panic.
Add a boundary check to ensure that the ESR IE body and the subsequent
bytes are within the limits of the frame before attempting to access
them.
This prevents OOB reads caused by malformed beacon frames.
Produtos afetados
Linux · LinuxQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://git.kernel.org/stable/c/38292407c2bb5b2b3131aaace4ecc7a829b40b76https://git.kernel.org/stable/c/502ddcc405b69fa92e0add6c1714d654504f6fd7https://git.kernel.org/stable/c/bb5940193d813449540d8d3a82abc045be41f48ahttps://git.kernel.org/stable/c/bf323db1d883c209880bd92f3b12503e3531c3fchttps://git.kernel.org/stable/c/c03cb111628924827351e19baa5b073e9b0d723dhttps://git.kernel.org/stable/c/c173ce97d3f0f0c0fefa39139d6d04ba60b5db22https://git.kernel.org/stable/c/d1ab7f9cee22e7b8a528da9ac953e4193b96cda5