CVE-2026-43386 staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential out-of-bounds read in rtwrestructwmmie The current code checks 'i + 5 inlen' at the end of the if statement. However, it accesses 'iniei + 5' before that check, which can lead to an out-of-bounds...

CVE-2026-43225 staging: rtl8723bs: fix memory leak on failure path

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix memory leak on failure path cfg80211informbssframe may return NULL on failure. In that case, the allocated buffer 'buf' is not freed and the function returns early, leading to potential memory leak. Fix th...

CVE-2025-68256 staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser The Information Element IE parser rtwgetie trusted the length byte of each IE without validating that the IE body len bytes after the 2-byte header fits inside the...

CVE-2022-50355 staging: vt6655: fix some erroneous memory clean-up loops

In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix some erroneous memory clean-up loops In some initialization functions of this driver, memory is allocated with 'i' acting as an index variable and increasing from 0. The commit in "Fixes" introduces some...