CVE-2026-43387 PUBLISHED

staging: rtl8723bs: properly validate the data in rtw_get_ie_ex()

Assigner: Linux
Reserved: 01.05.2026 Published: 08.05.2026 Updated: 09.05.2026

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: properly validate the data in rtw_get_ie_ex()

Just like in commit 154828bf9559 ("staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser"), we don't trust the data in the frame so we should check the length better before acting on it.
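
The kind of length check the description refers to, as an added example (not the kernel's rtw_get_ie_ex() code and not taken from the fix): a bounds-checked walk over 802.11 information elements, where every length byte read from the frame is compared against the bytes actually remaining. The name find_ie, its signature, the optional OUI match and the sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not the rtl8723bs code: find the first element with
 * the given id (and OUI prefix, if oui is non-NULL) in a buffer laid out as
 * [id:1][len:1][data:len]... Returns the element header and stores
 * header + data size in *out_len, or NULL if nothing valid matches. */
const uint8_t *find_ie(const uint8_t *buf, size_t buf_len, uint8_t id,
                       const uint8_t *oui, size_t oui_len, size_t *out_len)
{
    size_t off = 0;

    if (!buf || !out_len)
        return NULL;
    /* Both header bytes must be inside the buffer before they are read. */
    while (buf_len - off >= 2) {
        size_t data_len = buf[off + 1];

        /* The length byte comes from the frame: stop if it claims more
         * data than the buffer still holds. */
        if (data_len > buf_len - off - 2)
            return NULL;
        /* Compare the OUI only when the element is long enough for it. */
        if (buf[off] == id &&
            (!oui || (data_len >= oui_len &&
                      memcmp(buf + off + 2, oui, oui_len) == 0))) {
            *out_len = data_len + 2;
            return buf + off;
        }
        off += data_len + 2;
    }
    return NULL; /* end of buffer, or a trailing partial header */
}

/* Constructed samples: an SSID element followed by a vendor element (id 221).
 * In sample_bad the vendor length byte (0x40) overstates the 4 bytes present. */
static const uint8_t sample_ok[]  = { 0x00, 0x02, 'a', 'b', 0xdd, 0x04, 0x00, 0x50, 0xf2, 0x01 };
static const uint8_t sample_bad[] = { 0x00, 0x02, 'a', 'b', 0xdd, 0x40, 0x00, 0x50, 0xf2, 0x01 };
static const uint8_t sample_oui[] = { 0x00, 0x50, 0xf2 };

int main(void)
{
    size_t n = 0;
    printf("ok:  %s\n", find_ie(sample_ok, sizeof(sample_ok), 0xdd, sample_oui, 3, &n) ? "found" : "rejected");
    printf("bad: %s\n", find_ie(sample_bad, sizeof(sample_bad), 0xdd, sample_oui, 3, &n) ? "found" : "rejected");
    return 0;
}
```

Without the `data_len > buf_len - off - 2` test, the overstated length in `sample_bad` would let the OUI comparison and any later copy read past the end of the frame buffer.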

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 554c0a3abf216c991c5ebddcdb2c08689ecd290b to ac38856092b4c994f94343251b30520bdeb7f475 (excl.)
  • affected from 554c0a3abf216c991c5ebddcdb2c08689ecd290b to 35969c3a208a07cb8642301df5869c34e2db7071 (excl.)
  • affected from 554c0a3abf216c991c5ebddcdb2c08689ecd290b to 8097a48c606a9306281ea7bd73bf2afc97553733 (excl.)
  • affected from 554c0a3abf216c991c5ebddcdb2c08689ecd290b to 740bca8bbdb707c0e4bb11e3316deb2f04fc7ce1 (excl.)
  • affected from 554c0a3abf216c991c5ebddcdb2c08689ecd290b to 821f7d759fb2de33c5e5b0c4981181c4d0c3e9b1 (excl.)
  • affected from 554c0a3abf216c991c5ebddcdb2c08689ecd290b to 6d62fa548387e159a21ea95132c09bfc96d336ed (excl.)
  • affected from 554c0a3abf216c991c5ebddcdb2c08689ecd290b to 9a4cd4c37593cc8b8d28f9a6732b490a8032006a (excl.)
  • affected from 554c0a3abf216c991c5ebddcdb2c08689ecd290b to f0109b9d3e1e455429279d602f6276e34689750a (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 4.12 is affected
  • unaffected from 0 to 4.12 (excl.)
  • unaffected from 5.10.253 to 5.10.* (incl.)
  • unaffected from 5.15.203 to 5.15.* (incl.)
  • unaffected from 6.1.167 to 6.1.* (incl.)
  • unaffected from 6.6.130 to 6.6.* (incl.)
  • unaffected from 6.12.78 to 6.12.* (incl.)
  • unaffected from 6.18.19 to 6.18.* (incl.)
  • unaffected from 6.19.9 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References