CVE-2025-68256
BaseFortify
Publication date: 2025-12-16
Last updated on: 2026-04-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds (OOB) read in the Linux kernel's rtl8723bs staging driver, specifically in the Information Element (IE) parser function rtw_get_ie(). The parser trusted the length byte of each IE without verifying that the IE body actually fits within the remaining frame buffer. A malformed frame can specify an IE length larger than the available data, causing the parser to read beyond the buffer's end or potentially enter an infinite loop. The fix involves validating that the total length does not exceed the buffer limit before processing the IE.
How can this vulnerability impact me? :
This vulnerability can lead to out-of-bounds memory reads or infinite loops when processing malformed frames. Such behavior can cause system instability, crashes, or potentially expose sensitive memory contents, which may be exploited by attackers to compromise system security or cause denial of service.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the fixed version of the Linux kernel that includes the correction for the rtl8723bs IE parser to prevent out-of-bounds reads. This fix validates the IE length before parsing to avoid malformed frames causing issues.