{"id":"CVE-2025-68255","summary":"staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing\n\nThe Supported Rates IE length from an incoming Association Request frame\nwas used directly as the memcpy() length when copying into a fixed-size\n16-byte stack buffer (supportRate). A malicious station can advertise an\nIE length larger than 16 bytes, causing a stack buffer overflow.\n\nClamp ie_len to the buffer size before copying the Supported Rates IE,\nand correct the bounds check when merging Extended Supported Rates to\nprevent a second potential overflow.\n\nThis prevents kernel stack corruption triggered by malformed association\nrequests.","modified":"2026-03-31T17:29:23.439953Z","published":"2025-12-16T14:44:58.031Z","related":["SUSE-SU-2026:0278-1","SUSE-SU-2026:0281-1","SUSE-SU-2026:0315-1","SUSE-SU-2026:20207-1","SUSE-SU-2026:20220-1","SUSE-SU-2026:20228-1","SUSE-SU-2026:20477-1","SUSE-SU-2026:20498-1","SUSE-SU-2026:20845-1","SUSE-SU-2026:20876-1","openSUSE-SU-2025:15836-1","openSUSE-SU-2026:10301-1","openSUSE-SU-2026:20145-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68255.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/25411f5fcf5743131158f337c99c2bbf3f8477f5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/34620eb602aa432f090b2b784ee5c5070fb16cf9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4445adedae770037078803d1ce41f9e88a1944b6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/49b7806851f93fd342838c93f4f765e0cc5029b0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/61871c83259a511980ec2664964cecc69005398b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6ef0e1c10455927867cac8f0ed6b49f328f8cf95"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d129dc2a5d59b4d9cd2cc0b6eeb04df8461199f0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e841d8ea722315b781c4fc5bf4f7670fbca88875"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68255.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68255"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"554c0a3abf216c991c5ebddcdb2c08689ecd290b"},{"fixed":"49b7806851f93fd342838c93f4f765e0cc5029b0"},{"fixed":"4445adedae770037078803d1ce41f9e88a1944b6"},{"fixed":"d129dc2a5d59b4d9cd2cc0b6eeb04df8461199f0"},{"fixed":"34620eb602aa432f090b2b784ee5c5070fb16cf9"},{"fixed":"61871c83259a511980ec2664964cecc69005398b"},{"fixed":"25411f5fcf5743131158f337c99c2bbf3f8477f5"},{"fixed":"e841d8ea722315b781c4fc5bf4f7670fbca88875"},{"fixed":"6ef0e1c10455927867cac8f0ed6b49f328f8cf95"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68255.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.12.0"},{"fixed":"5.10.248"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.198"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.160"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.120"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.62"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.17.12"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.18.0"},{"fixed":"6.18.1"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68255.json"}}],"schema_version":"1.7.5"}