Impact
This vulnerability originates in the rtl8723bs wireless driver in the Linux kernel. Because a bounds check is missing, the driver subtracts an IE (information element) length value from an IE length field without guaranteeing that the result is non-negative, so the unsigned subtraction can underflow. If an attacker can send crafted wireless frames, the underflow may corrupt memory or trigger a kernel crash, potentially giving the attacker code execution in kernel space or causing denial of service. The weakness is a classic integer underflow flaw consistent with CWE-190.
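The underflow pattern described above, next to a bounds-checked form, as an added example that is not the rtl8723bs driver's code. It assumes the standard 802.11 IE layout (1-byte ID, 1-byte length, payload); the function names, the `skip_len` parameter and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 4 leading bytes, IE id=0 len=3, IE id=48 len=2. */
static const uint8_t sample[] = { 0, 0, 0, 0, 0, 3, 'l', 'a', 'b', 48, 2, 1, 0 };

/* Unchecked form: when skip_len > total_len the unsigned result wraps. */
static uint32_t unchecked_remaining(uint32_t total_len, uint32_t skip_len)
{
    return total_len - skip_len;
}

/* Checked form: subtract only when the result cannot go below zero. */
static int checked_remaining(uint32_t total_len, uint32_t skip_len, uint32_t *out)
{
    if (total_len < skip_len)
        return -1;
    *out = total_len - skip_len;
    return 0;
}

/* Return the payload of the first IE with this id, or NULL if absent/malformed. */
static const uint8_t *find_ie(const uint8_t *buf, uint32_t total_len,
                              uint32_t skip_len, uint8_t id, uint8_t *len_out)
{
    uint32_t left;
    const uint8_t *p;
    if (checked_remaining(total_len, skip_len, &left) != 0)
        return NULL;                      /* would have underflowed */
    p = buf + skip_len;
    while (left >= 2) {                   /* room for ID + length bytes */
        uint32_t ie_len = p[1];
        if (ie_len > left - 2)            /* payload runs past the buffer */
            return NULL;
        if (p[0] == id) {
            *len_out = (uint8_t)ie_len;
            return p + 2;
        }
        p += 2 + ie_len;
        left -= 2 + ie_len;
    }
    return NULL;
}

int main(void)
{
    uint8_t n = 0;
    printf("3 - 4 unchecked = %u\n", (unsigned)unchecked_remaining(3, 4));
    printf("id 48 found: %d\n", find_ie(sample, (uint32_t)sizeof(sample), 4, 48, &n) != NULL);
    return 0;
}
```

With the check removed, a 3-byte buffer and a 4-byte skip would leave the walker believing about 4 GiB of IE data remain.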
Affected Systems
The flaw affects the rtl8723bs driver in the Linux kernel. Any Linux distribution that includes a kernel with the staging rtl8723bs driver compiled and loaded is potentially impacted. Versions prior to the commit that added the bounds checks are vulnerable; the patch will be present in subsequent stable kernel releases. Specific kernel version ranges are not listed, but any kernel that has not applied this commit remains at risk.
Risk and Exploitability
The CVSS score is not reported, and EPSS is unavailable, so the quantitative impact is unknown. However, the flaw exists in kernel code that processes externally supplied network data; an attacker who can control Wi‑Fi traffic could trigger the integer underflow, which could lead to a crash or arbitrary code execution in kernel mode. There is no indication that CISA lists this as a known exploited vulnerability. The attack would likely be carried out via a rogue access point or over-the-air transmissions, requiring proximity to the target's wireless adapter.