The vulnerability resides in the staging rtl8723bs wireless driver present in the Linux kernel. The function rtw_update_protection receives a pointer offset into the IE (information element) buffer, yet it passes the entire ie_length parameter. This oversight leads to a buffer over‑read when the offset exceeds the actual size of the buffer. The flaw is a classic buffer over‑read (CWE‑119). Depending on the contents of the memory region adjacent to the buffer, an attacker could potentially read kernel memory that should be inaccessible.

Affected systems are any Linux kernel installations that include the rtl8723bs driver prior to the patch. All distributions that ship recent versions of the Linux kernel with the default staging driver are potentially impacted. No specific vendor product identifiers are listed beyond the general Linux kernel CPE; therefore, any kernel version containing the unpatched rtl8723bs code should be considered vulnerable.

The CVSS score and EPSS data are not provided, and the vulnerability is not listed in the CISA KEV catalog. The exploit would require local or privileged operations to trigger the over‑read, typically by interacting with the wireless interface managed by rtl8723bs. Because the flaw only allows reading data beyond a buffer, it is unlikely to lead directly to code execution, but it can expose sensitive kernel information or trigger a denial of service if the read causes a fault. Consequently, the risk is moderate to high for environments where the driver is exposed or where data leakage could be exploited.