CVE-2025-68255
Published: Dec 16, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy() length when copying into a fixed-size 16-byte stack buffer (supportRate). A malicious station can advertise an IE length larger than 16 bytes, causing a stack buffer overflow. Clamp ie_len to the buffer size before copying the Supported Rates IE, and correct the bounds check when merging Extended Supported Rates to prevent a second potential overflow. This prevents kernel stack corruption triggered by malformed association requests.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b - < 49b7806851f93fd342838c93f4f765e0cc5029b0affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b - < 4445adedae770037078803d1ce41f9e88a1944b6affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b - < d129dc2a5d59b4d9cd2cc0b6eeb04df8461199f0affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b - < 34620eb602aa432f090b2b784ee5c5070fb16cf9affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b - < 61871c83259a511980ec2664964cecc69005398b+3 more versions |
Linux | Linux | affected 4.12unaffected 0 - < 4.12unaffected 5.10.248 - <= 5.10.*unaffected 5.15.198 - <= 5.15.*unaffected 6.1.160 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now