staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
3Vexday Risk Score
Sem sinal de exploração. Nenhum artefato público de exploração conhecido até agora.
ssvc Trackepss 0.2%
probabilidade de exploração
0.2%top 94% das CVEs
exploração observada
nãonenhuma fonte reporta
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
The Extended Supported Rates (ESR) IE handling in OnBeacon accessed
*(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these
offsets lie within the received frame buffer. A malformed beacon with
an ESR IE positioned at the end of the buffer could cause an
out-of-bounds read, potentially triggering a kernel panic.
Add a boundary check to ensure that the ESR IE body and the subsequent
bytes are within the limits of the frame before attempting to access
them.
This prevents OOB reads caused by malformed beacon frames.
Produtos afetados
Linux · LinuxReferências
https://git.kernel.org/stable/c/38292407c2bb5b2b3131aaace4ecc7a829b40b76https://git.kernel.org/stable/c/502ddcc405b69fa92e0add6c1714d654504f6fd7https://git.kernel.org/stable/c/bb5940193d813449540d8d3a82abc045be41f48ahttps://git.kernel.org/stable/c/bf323db1d883c209880bd92f3b12503e3531c3fchttps://git.kernel.org/stable/c/c03cb111628924827351e19baa5b073e9b0d723dhttps://git.kernel.org/stable/c/c173ce97d3f0f0c0fefa39139d6d04ba60b5db22https://git.kernel.org/stable/c/d1ab7f9cee22e7b8a528da9ac953e4193b96cda5