CVE-2025-68255
Description
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing
The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy() length when copying into a fixed-size 16-byte stack buffer (supportRate). A malicious station can advertise an IE length larger than 16 bytes, causing a stack buffer overflow.
Clamp ie_len to the buffer size before copying the Supported Rates IE, and correct the bounds check when merging Extended Supported Rates to prevent a second potential overflow.
This prevents kernel stack corruption triggered by malformed association requests.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack buffer overflow in rtl8723bs driver's Association Request IE parsing allows unauthenticated attacker to corrupt kernel stack.
Vulnerability
In the Linux kernel's staging driver rtl8723bs, the OnAssocReq function parses the Supported Rates Information Element (IE) from an incoming Association Request frame. The IE length from the frame was used directly as the memcpy() length when copying into a fixed-size 16-byte stack buffer (supportRate), without any bounds checking.
Exploitation
A malicious station can send a crafted Association Request frame with a Supported Rates IE length larger than 16 bytes, causing a stack buffer overflow. No authentication is required, and the attack can be executed over the air, making it remotely exploitable.
Impact
Exploiting this vulnerability leads to corruption of the kernel stack, which can result in a denial of service or potentially allow an attacker to escalate privileges.
Mitigation
The fix clamps the IE length to the buffer size before copying and corrects a bounds check when merging Extended Supported Rates to prevent a second overflow. The patches have been applied to the Linux kernel stable branches as referenced in the commits [1][2][3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/25411f5fcf5743131158f337c99c2bbf3f8477f5nvd
- git.kernel.org/stable/c/34620eb602aa432f090b2b784ee5c5070fb16cf9nvd
- git.kernel.org/stable/c/4445adedae770037078803d1ce41f9e88a1944b6nvd
- git.kernel.org/stable/c/49b7806851f93fd342838c93f4f765e0cc5029b0nvd
- git.kernel.org/stable/c/61871c83259a511980ec2664964cecc69005398bnvd
- git.kernel.org/stable/c/6ef0e1c10455927867cac8f0ed6b49f328f8cf95nvd
- git.kernel.org/stable/c/d129dc2a5d59b4d9cd2cc0b6eeb04df8461199f0nvd
- git.kernel.org/stable/c/e841d8ea722315b781c4fc5bf4f7670fbca88875nvd
News mentions
0No linked articles in our index yet.