Acknowledged

LIN1025-6594 : Security Advisory - linux - CVE-2025-68256

Created: Dec 16, 2025    Updated: Dec 18, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser

The Information Element (IE) parser rtw_get_ie() trusted the length byte of each IE without validating that the IE body (len bytes after the 2-byte header) fits inside the remaining frame buffer. A malformed frame can advertise an IE length larger than the available data, causing the parser to increment its pointer beyond the buffer end. This results in out-of-bounds reads or, depending on the pattern, an infinite loop.

Fix by validating that (offset + 2 + len) does not exceed the limit before accepting the IE or advancing to the next element.

This prevents OOB reads and ensures the parser terminates safely on malformed frames.
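
The bounds check described above, shown as an added example that is neither the kernel's code nor part of this advisory: a minimal id/len/body parser in C that rejects an IE whose advertised length runs past the buffer. The function name find_ie and both sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not the kernel's rtw_get_ie()): return the offset of
 * the first IE with the given id in buf[0..limit), or -1 if none is found or
 * the frame is malformed. IE layout: id (1 byte) | len (1 byte) | body. */
long find_ie(const uint8_t *buf, size_t limit, uint8_t id)
{
    size_t off = 0;

    /* Only read the header when both of its bytes are inside the buffer. */
    while (off < limit && limit - off >= 2) {
        size_t len = buf[off + 1];

        /* The advisory's check: off + 2 + len must not exceed limit.
         * Written as a subtraction so it cannot wrap. */
        if (len > limit - off - 2)
            return -1;          /* truncated IE: stop, do not advance */

        if (buf[off] == id)
            return (long)off;

        off += 2 + len;         /* advances by at least 2, so the loop ends */
    }
    return -1;
}

/* Constructed sample frames. */
static const uint8_t good_frame[] = { 0x00, 0x03, 'a', 'b', 'c',
                                      0x30, 0x02, 0x01, 0x00 };
/* Same frame, but the second IE advertises 0x40 body bytes with 2 left. */
static const uint8_t bad_frame[]  = { 0x00, 0x03, 'a', 'b', 'c',
                                      0x30, 0x40, 0x01, 0x00 };

int main(void)
{
    printf("good: %ld\n", find_ie(good_frame, sizeof good_frame, 0x30));
    printf("bad:  %ld\n", find_ie(bad_frame, sizeof bad_frame, 0x30));
    return 0;
}
```

Without the length check, the malformed frame would move the offset to 5 + 2 + 0x40, well beyond the 9-byte buffer.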