staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing
CVE-2025-68255
What is CVE-2025-68255?
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing
The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy() length when copying into a fixed-size 16-byte stack buffer (supportRate). A malicious station can advertise an IE length larger than 16 bytes, causing a stack buffer overflow.
Clamp ie_len to the buffer size before copying the Supported Rates IE, and correct the bounds check when merging Extended Supported Rates to prevent a second potential overflow.
This prevents kernel stack corruption triggered by malformed association requests.
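The two checks described above, as an added user-space example that is not the kernel driver's code: the Supported Rates length is clamped to the 16-byte buffer before the copy, and Extended Supported Rates are merged only when they fit in the space that remains. The names find_ie, collect_rates and RATES_BUF_LEN are hypothetical, and skipping an Extended Supported Rates element that does not fit is an assumed policy.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RATES_BUF_LEN 16      /* fixed buffer size given in the advisory */
#define IE_SUPP_RATES 1       /* 802.11 element ID, Supported Rates */
#define IE_EXT_SUPP_RATES 50  /* 802.11 element ID, Extended Supported Rates */

/* Locate an element in an ID/length/value list; NULL if absent or truncated. */
static const uint8_t *find_ie(const uint8_t *ies, size_t ies_len, uint8_t id, size_t *len)
{
    size_t off = 0;
    while (off + 2 <= ies_len) {
        size_t l = ies[off + 1];
        if (off + 2 + l > ies_len)
            return NULL;          /* declared length runs past the frame */
        if (ies[off] == id) {
            *len = l;
            return ies + off + 2;
        }
        off += 2 + l;
    }
    return NULL;
}

/* Fill out[] from both rate elements; the result is never above RATES_BUF_LEN. */
size_t collect_rates(const uint8_t *ies, size_t ies_len, uint8_t out[RATES_BUF_LEN])
{
    size_t n, len = 0;
    const uint8_t *p = find_ie(ies, ies_len, IE_SUPP_RATES, &len);
    if (!p)
        return 0;
    n = len > RATES_BUF_LEN ? RATES_BUF_LEN : len;  /* clamp, never trust ie_len */
    memcpy(out, p, n);
    p = find_ie(ies, ies_len, IE_EXT_SUPP_RATES, &len);
    if (p && len <= RATES_BUF_LEN - n) {  /* merge only if it fits (assumed policy) */
        memcpy(out + n, p, len);
        n += len;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: Supported Rates element declaring 32 bytes. */
    uint8_t frame[2 + 32] = { IE_SUPP_RATES, 32 };
    uint8_t rates[RATES_BUF_LEN];
    return collect_rates(frame, sizeof(frame), rates) == RATES_BUF_LEN ? 0 : 1;
}
```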
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 61871c83259a511980ec2664964cecc69005398b
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 25411f5fcf5743131158f337c99c2bbf3f8477f5
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2