Impact
The Linux kernel staging rtl8723bs wireless driver contains an unsigned integer underflow that can occur when the driver subtracts the IE length from a header field without ensuring the result is non‑negative. This flaw allows an attacker to craft a wireless frame that, when processed, triggers a memory corruption or kernel crash. The vulnerability is identified as CWE‑191 and results in a severe denial‑of‑service condition for the affected system.
Affected Systems
The flaw affects the rtl8723bs driver, a component of the Linux kernel’s staging area. Any Linux kernel build that includes the rtl8723bs implementation prior to the commit "staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction" is vulnerable. Distribution kernels that ship that older driver version, regardless of vendor, are affected until the patch is applied.
Risk and Exploitability
The CVSS score of 8.1 indicates a high severity vulnerability. The EPSS score of less than 1% implies that the exploitation probability is currently very low, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely vector is a crafted wireless frame sent to the rtl8723bs interface, which could trigger the underflow and crash the kernel, causing a denial‑of‑service. Exploitation requires access to the wireless interface or proximity to the same network segment; the impact remains significant if achieved.
OpenCVE Enrichment