1305 matches found
UBUNTU-CVE-2026-53178
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtwmlme: add bounds checks before ielength subtraction Add guards to ensure ielength is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow...
EUVD-2026-39270
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtwupdateprotection rtwupdateprotection is called with a pointer offset into the ies buffer but the full ielength is passed, causing a potential buffer over-read...
EUVD-2026-39269
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtwmlme: add bounds checks before ielength subtraction Add guards to ensure ielength is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow...
CVE-2026-53178
CVE-2026-53178 is a Linux kernel issue in the rtl8723bs Wi‑Fi driver (rtw_mlme) where an unsigned underflow can occur when subtracting fixed IE offsets from ie_length. The available connected sources indicate the bug has been fixed in the kernel (staging) by adding bounds checks to ensure ie_leng...
CVE-2026-53178 staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtwmlme: add bounds checks before ielength subtraction Add guards to ensure ielength is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow...
CVE-2026-53178
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtwmlme: add bounds checks before ielength subtraction Add guards to ensure ielength is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow...
Morse Micro HaLowLink 安全漏洞
Morse Micro HaLowLink is a series of long-range wireless gateway devices developed by Morse Micro Corporation. Versions of Morse Micro HaLowLink prior to 2.2.11.13 contained security vulnerabilities. These vulnerabilities stemmed from the use of the IE length field as the size parameter for the...
PT-2026-46900
A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...
CVE-2025-15653
Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...
CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation
Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...
CVE-2025-15653
The affected products are Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations. The vulnerability is a local privilege escalation via unprotected USB interfaces that attackers with physical access can exploit to compromise software integrity. Reported impact includes ...
CVE-2026-37222
FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...
Astra Linux – Vulnerability in ntfs-3g
A properly crafted NTFS image can lead to a out-of-bounds read in ntfsielookup in NTFS-3G before version 2021.8.22...
SUSE CVE-2026-43387
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtwgetieex Just like in commit 154828bf9559 "staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser", we don't trust the data in the frame so we should check the length...
CVE-2026-43386
A flaw was found in the Linux kernel's rtl8723bs component. An incorrect length check within the rtwrestructwmmie function can lead to an out-of-bounds read. This vulnerability occurs because the code attempts to access memory beyond the allocated buffer before verifying the index is within bound...
EUVD-2026-28693
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtwgetieex Just like in commit 154828bf9559 "staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser", we don't trust the data in the frame so we should check the length...
EUVD-2026-28692
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential out-of-bounds read in rtwrestructwmmie The current code checks 'i + 5 inlen' at the end of the if statement. However, it accesses 'iniei + 5' before that check, which can lead to an out-of-bounds...
UBUNTU-CVE-2026-43386
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential out-of-bounds read in rtwrestructwmmie The current code checks 'i + 5 inlen' at the end of the if statement. However, it accesses 'iniei + 5' before that check, which can lead to an out-of-bounds...
CVE-2026-43386
The CVE-2026-43386 issue affects the Linux kernel rtl8723bs component, specifically in the rtw_restruct_wmm_ie path, where an insufficiently guarded access can cause an out-of-bounds read. The root cause is that the code accesses in_ie[i + 5] before ensuring i + 5 is within in_len, potentially le...
PT-2026-39048
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the rtl8723bs staging driver where the rtw get ie ex function does not properly validate data within the frame. This lack of length verification can lead to an...