ghsa-x52f-2whg-fhgm
Vulnerability from github
Published
2025-12-16 15:30
Modified
2025-12-16 15:30
Details

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser

The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-byte header) fits inside the remaining frame buffer. A malformed frame can advertise an IE length larger than the available data, causing the parser to increment its pointer beyond the buffer end. This results in out-of-bounds reads or, depending on the pattern, an infinite loop.

Fix by validating that (offset + 2 + len) does not exceed the limit before accepting the IE or advancing to the next element.

This prevents OOB reads and ensures the parser terminates safely on malformed frames.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-68256"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T15:15:54Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser\n\nThe Information Element (IE) parser rtw_get_ie() trusted the length\nbyte of each IE without validating that the IE body (len bytes after\nthe 2-byte header) fits inside the remaining frame buffer. A malformed\nframe can advertise an IE length larger than the available data, causing\nthe parser to increment its pointer beyond the buffer end. This results\nin out-of-bounds reads or, depending on the pattern, an infinite loop.\n\nFix by validating that (offset + 2 + len) does not exceed the limit\nbefore accepting the IE or advancing to the next element.\n\nThis prevents OOB reads and ensures the parser terminates safely on\nmalformed frames.",
  "id": "GHSA-x52f-2whg-fhgm",
  "modified": "2025-12-16T15:30:47Z",
  "published": "2025-12-16T15:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68256"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/154828bf9559b9c8421fc2f0d7f7f76b3683aaed"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a54e2b2db1b7de2e008b4f62eec35aaefcc663c5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c0d93d69e1472ba75b78898979b90a98ba2a2501"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/df191dd9f4c7249d98ada55634fa8ac19089b8cb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.