CVE-2025-68254
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds (OOB) read in the Linux kernel's rtl8723bs staging driver. Specifically, when parsing the Extended Supported Rates (ESR) Information Element (IE) in beacon frames, the code accessed memory beyond the received frame buffer without verifying boundaries. A malformed beacon with an ESR IE at the end of the buffer could cause this OOB read, potentially leading to a kernel panic. The fix involved adding boundary checks to ensure safe access within the frame limits.
How can this vulnerability impact me? :
This vulnerability can cause a kernel panic due to an out-of-bounds read triggered by a malformed beacon frame. This could lead to system instability or denial of service on affected Linux systems using the rtl8723bs driver, potentially disrupting normal operations.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the fixed version of the Linux kernel that includes the boundary check for the Extended Supported Rates (ESR) IE parsing in the rtl8723bs driver to prevent out-of-bounds reads caused by malformed beacon frames.