staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
3Vexday Risk Score
Sin señal de explotación. Ningún artefacto público de explotación conocido hasta ahora.
ssvc Trackepss 0.2%
probabilidad de explotación
0.2%top 94% de las CVE
explotación observada
noninguna fuente lo reporta
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
The Extended Supported Rates (ESR) IE handling in OnBeacon accessed
*(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these
offsets lie within the received frame buffer. A malformed beacon with
an ESR IE positioned at the end of the buffer could cause an
out-of-bounds read, potentially triggering a kernel panic.
Add a boundary check to ensure that the ESR IE body and the subsequent
bytes are within the limits of the frame before attempting to access
them.
This prevents OOB reads caused by malformed beacon frames.
Productos afectados
Linux · LinuxReferencias
https://git.kernel.org/stable/c/38292407c2bb5b2b3131aaace4ecc7a829b40b76https://git.kernel.org/stable/c/502ddcc405b69fa92e0add6c1714d654504f6fd7https://git.kernel.org/stable/c/bb5940193d813449540d8d3a82abc045be41f48ahttps://git.kernel.org/stable/c/bf323db1d883c209880bd92f3b12503e3531c3fchttps://git.kernel.org/stable/c/c03cb111628924827351e19baa5b073e9b0d723dhttps://git.kernel.org/stable/c/c173ce97d3f0f0c0fefa39139d6d04ba60b5db22https://git.kernel.org/stable/c/d1ab7f9cee22e7b8a528da9ac953e4193b96cda5