The Linux kernel contains a flaw in the rtl8723bs wireless driver where the function rtw_get_ie_ex() does not adequately validate the length of data received over the air. A malicious actor could craft a wireless management frame that exploits this oversight, triggering an out‑of‑bounds read when the driver parses the frame data. Based on the description and the nature of the weakness, the impact is a read of unintended memory, potentially exposing kernel data or causing a crash. The vulnerability is an example of improper input validation and out‑of‑bounds read behavior.

The issue is present in any Linux kernel that includes the rtl8723bs driver in its staging tree prior to the commit that added the proper length check. No specific distribution or kernel release is listed, so the vulnerability may affect a broad range of Linux deployments that use the default kernel drivers for the rtl8723bs wireless chipset.

Because the flaw allows only an out‑of‑bounds read, it is unlikely to provide remote code execution on its own but could be leveraged for information disclosure or for building a larger attack chain. The EPSS score is not provided and the vulnerability is not listed in CISA’s KEV catalog, indicating that it is not currently known to be widely exploited. The CVSS score is not disclosed, so the severity cannot be quantified precisely, but the potential for kernel memory exposure warrants prompt attention. The most likely attack vector is a wireless transmission of a specially crafted frame that a vulnerable device processes while the driver is active.