21 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed a stack buffer overflow issue during the parsing of the OnAssocReq IE. The length of the Supported Rates IE from an incoming Association Request frame was directly used as the length for the memcpy...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fixed an out-of-bounds read during the parsing of the OnBeacon Extended Supported Rates ESR extension. The handling of the ESR extension during the OnBeacon phase involves accessing p + 1 + ielen and p + 2 +...
SUSE CVE-2025-68254
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates ESR IE handling in OnBeacon accessed p + 1 + ielen and p + 2 + ielen without verifying that these offsets lie within the received...
SUSE CVE-2025-68255
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy length when copying into a fixed-size 16-byte stack...
EUVD-2025-203746
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates ESR IE handling in OnBeacon accessed p + 1 + ielen and p + 2 + ielen without verifying that these offsets lie within the received...
CVE-2025-68254
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates ESR IE handling in OnBeacon accessed p + 1 + ielen and p + 2 + ielen without verifying that these offsets lie within the received...
CVE-2025-68255
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy length when copying into a fixed-size 16-byte stack...
UBUNTU-CVE-2025-68255
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy length when copying into a fixed-size 16-byte stack...
CVE-2025-68254
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates ESR IE handling in OnBeacon accessed p + 1 + ielen and p + 2 + ielen without verifying that these offsets lie within the received...
UBUNTU-CVE-2025-68254
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates ESR IE handling in OnBeacon accessed p + 1 + ielen and p + 2 + ielen without verifying that these offsets lie within the received...
CVE-2025-68255 staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy length when copying into a fixed-size 16-byte stack...
CVE-2025-68255
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy length when copying into a fixed-size 16-byte stack...
CVE-2025-68255 staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy length when copying into a fixed-size 16-byte stack...
CVE-2025-68254 staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates ESR IE handling in OnBeacon accessed p + 1 + ielen and p + 2 + ielen without verifying that these offsets lie within the received...
CVE-2025-68254
The CVE refers to a Linux kernel vulnerability in the staging: rtl8723bs driver where Extended Supported Rates (ESR) IE handling in OnBeacon could perform out-of-bounds reads by accessing (p + 1 + ielen) and (p + 2 + ielen) without ensuring the ESR IE body and following bytes lie within the frame...
CVE-2025-68254 staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates ESR IE handling in OnBeacon accessed p + 1 + ielen and p + 2 + ielen without verifying that these offsets lie within the received...
PT-2025-51668
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the rtl8723bs driver. Specifically, a stack buffer overflow can occur during the parsing of Supported Rates Information Element IE within...
EUVD-2019-2370
Malware in sbrugna...
Code injection
Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service panic via a beacon frame with a large length value in the extended supported rates xrates element, which triggers an assertion error, related to net80211/ieee80211scanap.c and net80211/ieee80211scansta.c...
CVE-2007-5448
Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service panic via a beacon frame with a large length value in the extended supported rates xrates element, which triggers an assertion error, related to net80211/ieee80211scanap.c and net80211/ieee80211scansta.c...