CVE-2025-68254

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing<br /> <br /> The Extended Supported Rates (ESR) IE handling in OnBeacon accessed<br /> *(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these<br /> offsets lie within the received frame buffer. A malformed beacon with<br /> an ESR IE positioned at the end of the buffer could cause an<br /> out-of-bounds read, potentially triggering a kernel panic.<br /> <br /> Add a boundary check to ensure that the ESR IE body and the subsequent<br /> bytes are within the limits of the frame before attempting to access<br /> them.<br /> <br /> This prevents OOB reads caused by malformed beacon frames.