CVE-2025-68256

Linux Kernel 4.12.0-6.12.62, 6.13.0-6.17.12, 6.18.0 - Out-of-Bounds Read in rtw_get_ie() IE Parser

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-byte header) fits inside the remaining frame buffer. A malformed frame can advertise an IE length larger than the available data, causing the parser to increment its pointer beyond the buffer end. This results in out-of-bounds reads or, depending on the pattern, an infinite loop. Fix by validating that (offset + 2 + len) does not exceed the limit before accepting the IE or advancing to the next element. This prevents OOB reads and ensures the parser terminates safely on malformed frames.

Scores

EPSS 0.0017
EPSS Percentile 6.3%

Details

Status published
Products (23)
linux/Kernel 4.12.0 - 5.15.203linux
linux/Kernel 4.12.0 - 6.1.160linux
linux/Kernel 5.16.0 - 6.1.160linux
linux/Kernel 6.13.0 - 6.17.12linux
linux/Kernel 6.18.0 - 6.18.1linux
linux/Kernel 6.2.0 - 6.6.120linux
linux/Kernel 6.7.0 - 6.12.62linux
Linux/Linux < 4.12
Linux/Linux 4.12
Linux/Linux 5.15.203 - 5.15.*
... and 13 more
Published Dec 16, 2025
Tracked Since Feb 18, 2026