CVE-2025-68256
Published: Dec 16, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-byte header) fits inside the remaining frame buffer. A malformed frame can advertise an IE length larger than the available data, causing the parser to increment its pointer beyond the buffer end. This results in out-of-bounds reads or, depending on the pattern, an infinite loop. Fix by validating that (offset + 2 + len) does not exceed the limit before accepting the IE or advancing to the next element. This prevents OOB reads and ensures the parser terminates safely on malformed frames.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b - < 9829c6e1b2e4180fd18315252ad6faeab6128076affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b - < b977eb31802817f4a37da95bf16bfdaa1eeb5fc2affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b - < 30c558447e90935f0de61be181bbcedf75952e00affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b - < a54e2b2db1b7de2e008b4f62eec35aaefcc663c5affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b - < df191dd9f4c7249d98ada55634fa8ac19089b8cb+2 more versions |
Linux | Linux | affected 4.12unaffected 0 - < 4.12unaffected 5.15.203 - <= 5.15.*unaffected 6.1.160 - <= 6.1.*unaffected 6.6.120 - <= 6.6.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now