| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121612-CVE-2025-68256-5ed2@gregkh> Date: Tue, 16 Dec 2025 15:45:13 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68256: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-byte header) fits inside the remaining frame buffer. A malformed frame can advertise an IE length larger than the available data, causing the parser to increment its pointer beyond the buffer end. This results in out-of-bounds reads or, depending on the pattern, an infinite loop. Fix by validating that (offset + 2 + len) does not exceed the limit before accepting the IE or advancing to the next element. This prevents OOB reads and ensures the parser terminates safely on malformed frames. The Linux kernel CVE team has assigned CVE-2025-68256 to this issue. Affected and fixed versions =========================== Fixed in 6.12.62 with commit a54e2b2db1b7de2e008b4f62eec35aaefcc663c5 Fixed in 6.17.12 with commit df191dd9f4c7249d98ada55634fa8ac19089b8cb Fixed in 6.18.1 with commit c0d93d69e1472ba75b78898979b90a98ba2a2501 Fixed in 6.19-rc1 with commit 154828bf9559b9c8421fc2f0d7f7f76b3683aaed Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68256 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/staging/rtl8723bs/core/rtw_ieee80211.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a54e2b2db1b7de2e008b4f62eec35aaefcc663c5 https://git.kernel.org/stable/c/df191dd9f4c7249d98ada55634fa8ac19089b8cb https://git.kernel.org/stable/c/c0d93d69e1472ba75b78898979b90a98ba2a2501 https://git.kernel.org/stable/c/154828bf9559b9c8421fc2f0d7f7f76b3683aaed
Powered by blists - more mailing lists