PT-2025-51669 · Rtl8723Bs+4 · Rtl8723Bs+4

Published 2025-11-20 · Updated 2026-05-11 · CVE-2025-68256

CVSS v2.0: 2.7 (Low)
Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

An issue exists in the Linux kernel related to the rtl8723bs driver. The rtw_get_ie() parser does not properly validate the length of Information Element (IE) data within network frames. Specifically, it trusts the length byte of each IE without verifying that the IE body fits within the remaining frame buffer. A crafted frame with a malformed IE length can cause the parser to read beyond the buffer boundaries, leading to out-of-bounds reads or an infinite loop. The fix involves validating that the offset plus the IE length does not exceed the buffer limit before processing the IE.
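A bounds-checked IE walk of the kind the description calls for, as an added example that is not the kernel's code or the actual patch. The helper `find_ie` and both sample buffers are hypothetical and constructed here, assuming the standard 802.11 IE layout of one ID byte, one length byte, then the body.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IE_HDR_LEN 2 /* assumed layout: [id:1][len:1][body:len] */

/* Constructed sample: SSID "test", Supported Rates, DS Parameter Set. */
static const uint8_t good_ies[] = { 0, 4, 't', 'e', 's', 't', 1, 2, 0x82, 0x84, 3, 1, 6 };
/* Constructed sample: second IE claims 0x20 body bytes, only 2 are present. */
static const uint8_t bad_ies[] = { 0, 4, 't', 'e', 's', 't', 48, 0x20, 0x01, 0x00 };

/*
 * Hypothetical helper (not rtw_get_ie() itself): return the first IE with
 * the given id, or NULL if it is absent or an IE at or before it overruns limit.
 */
const uint8_t *find_ie(const uint8_t *buf, size_t limit, uint8_t id, size_t *body_len)
{
    size_t off = 0;

    if (!buf)
        return NULL;
    /* off never exceeds limit, so limit - off cannot underflow. */
    while (limit - off >= IE_HDR_LEN) {
        size_t len = buf[off + 1];

        /* The check the fix describes: offset + IE length must fit in the buffer. */
        if (len > limit - off - IE_HDR_LEN)
            return NULL;
        if (buf[off] == id) {
            if (body_len)
                *body_len = len;
            return buf + off;
        }
        off += IE_HDR_LEN + len; /* always advances by >= 2, so the loop ends */
    }
    return NULL; /* fewer than 2 bytes left: no complete header */
}

int main(void)
{
    size_t n = 0;
    const uint8_t *ie = find_ie(good_ies, sizeof(good_ies), 3, &n);

    printf("good: DS IE at offset %td, body %zu\n", ie ? ie - good_ies : -1, n);
    printf("bad:  RSN IE %s\n",
           find_ie(bad_ies, sizeof(bad_ies), 48, &n) ? "found" : "rejected");
    return 0;
}
```

Rejecting the whole buffer on the first overrunning IE, rather than skipping it, keeps every later offset derived only from lengths that were already validated.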
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Out of bounds Read

Related Identifiers

BDU:2026-03067
CVE-2025-68256
ECHO-B021-9C8F-4D26
OPENSUSE-SU-2025:15836-1
OPENSUSE-SU-2026:10301-1
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20477-1
SUSE-SU-2026:20498-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8152-1
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu
Rtl8723Bs