Description
In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: fix buffer over-read in rtw_update_protection

rtw_update_protection() is called with a pointer offset into the
ies buffer but the full ie_length is passed, causing a potential
buffer over-read.
Published: 2026-06-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the staging rtl8723bs wireless driver present in the Linux kernel. The function rtw_update_protection receives a pointer offset into the IE (information element) buffer, yet it passes the entire ie_length parameter. This oversight leads to a buffer over‑read when the offset exceeds the actual size of the buffer. The flaw is a classic buffer over‑read (CWE‑119). Depending on the contents of the memory region adjacent to the buffer, an attacker could potentially read kernel memory that should be inaccessible.

Affected Systems

Affected systems are any Linux kernel installations that include the rtl8723bs driver prior to the patch. All distributions that ship recent versions of the Linux kernel with the default staging driver are potentially impacted. No specific vendor product identifiers are listed beyond the general Linux kernel CPE; therefore, any kernel version containing the unpatched rtl8723bs code should be considered vulnerable.

Risk and Exploitability

The CVSS score and EPSS data are not provided, and the vulnerability is not listed in the CISA KEV catalog. The exploit would require local or privileged operations to trigger the over‑read, typically by interacting with the wireless interface managed by rtl8723bs. Because the flaw only allows reading data beyond a buffer, it is unlikely to lead directly to code execution, but it can expose sensitive kernel information or trigger a denial of service if the read causes a fault. Consequently, the risk is moderate to high for environments where the driver is exposed or where data leakage could be exploited.

Generated by OpenCVE AI on June 25, 2026 at 11:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that incorporates the patch referenced in commit 303f65af.
  • If an upgrade is not immediately possible, disable or unload the rtl8723bs driver to prevent the vulnerable code from executing.
  • Restrict the use of the rtl8723bs wireless interface to trusted users and monitor for anomalous activity.

Generated by OpenCVE AI on June 25, 2026 at 11:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6381-1 linux security update
History

Sat, 04 Jul 2026 12:15:00 +0000


Tue, 30 Jun 2026 00:45:00 +0000


Thu, 25 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix buffer over-read in rtw_update_protection rtw_update_protection() is called with a pointer offset into the ies buffer but the full ie_length is passed, causing a potential buffer over-read.
Title staging: rtl8723bs: fix buffer over-read in rtw_update_protection
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-04T11:51:02.959Z

Reserved: 2026-06-09T07:44:35.389Z

Link: CVE-2026-53179

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53179 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T15:30:16Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer