Description
In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction

Add guards to ensure ie_length is large enough before subtracting
fixed IE offsets to prevent unsigned integer underflow.
Published: 2026-06-25
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel staging rtl8723bs wireless driver contains an unsigned integer underflow that can occur when the driver subtracts the IE length from a header field without ensuring the result is non‑negative. This flaw allows an attacker to craft a wireless frame that, when processed, triggers a memory corruption or kernel crash. The vulnerability is identified as CWE‑191 and results in a severe denial‑of‑service condition for the affected system.

Affected Systems

The flaw affects the rtl8723bs driver, a component of the Linux kernel’s staging area. Any Linux kernel build that includes the rtl8723bs implementation prior to the commit "staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction" is vulnerable. Distribution kernels that ship that older driver version, regardless of vendor, are affected until the patch is applied.

Risk and Exploitability

The CVSS score of 8.1 indicates a high severity vulnerability. The EPSS score of less than 1% implies that the exploitation probability is currently very low, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely vector is a crafted wireless frame sent to the rtl8723bs interface, which could trigger the underflow and crash the kernel, causing a denial‑of‑service. Exploitation requires access to the wireless interface or proximity to the same network segment; the impact remains significant if achieved.

Generated by OpenCVE AI on June 28, 2026 at 15:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the rtw_mlme bounds‑check commit for the rtl8723bs driver.
  • If a kernel upgrade is not immediately possible, blacklist or unload the rtl8723bs module (e.g., add 'blacklist rtl8723bs' to /etc/modprobe.d/blacklist.conf and reboot).
  • If Wi‑Fi service is required, restrict the interface to trusted devices only, enforce WPA3 authentication, and monitor for anomalous management frames that might exploit the vulnerability.

Generated by OpenCVE AI on June 28, 2026 at 15:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}


Fri, 26 Jun 2026 05:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-191
References
Metrics threat_severity

None

threat_severity

Moderate


Thu, 25 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction Add guards to ensure ie_length is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow.
Title staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:39:52.220Z

Reserved: 2026-06-09T07:44:35.389Z

Link: CVE-2026-53178

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53178 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T15:15:05Z

Weaknesses
  • CWE-191

    Integer Underflow (Wrap or Wraparound)