staging: rtl8723bs: properly validate the data in rtw_get_ie_ex()
Summary
| CVE | CVE-2026-43387 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-08 15:16:50 UTC |
| Updated | 2026-05-12 14:10:27 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtw_get_ie_ex(). Just like in commit 154828bf9559 ("staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser"), we don't trust the data in the frame so we should check the length better before acting on it. |
Risk And Classification
EPSS: 0.000240000 probability, percentile 0.070360000 (date 2026-05-12)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b ac38856092b4c994f94343251b30520bdeb7f475 git | Not specified |
| CNA | Linux | Linux | affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b 35969c3a208a07cb8642301df5869c34e2db7071 git | Not specified |
| CNA | Linux | Linux | affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b 8097a48c606a9306281ea7bd73bf2afc97553733 git | Not specified |
| CNA | Linux | Linux | affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b 740bca8bbdb707c0e4bb11e3316deb2f04fc7ce1 git | Not specified |
| CNA | Linux | Linux | affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b 821f7d759fb2de33c5e5b0c4981181c4d0c3e9b1 git | Not specified |
| CNA | Linux | Linux | affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b 6d62fa548387e159a21ea95132c09bfc96d336ed git | Not specified |
| CNA | Linux | Linux | affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b 9a4cd4c37593cc8b8d28f9a6732b490a8032006a git | Not specified |
| CNA | Linux | Linux | affected 554c0a3abf216c991c5ebddcdb2c08689ecd290b f0109b9d3e1e455429279d602f6276e34689750a git | Not specified |
| CNA | Linux | Linux | affected 4.12 | Not specified |
| CNA | Linux | Linux | unaffected 4.12 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.253 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.203 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.167 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.130 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.78 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.19 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.9 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/6d62fa548387e159a21ea95132c09bfc96d336ed | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/f0109b9d3e1e455429279d602f6276e34689750a | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/35969c3a208a07cb8642301df5869c34e2db7071 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/ac38856092b4c994f94343251b30520bdeb7f475 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/8097a48c606a9306281ea7bd73bf2afc97553733 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/740bca8bbdb707c0e4bb11e3316deb2f04fc7ce1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/9a4cd4c37593cc8b8d28f9a6732b490a8032006a | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/821f7d759fb2de33c5e5b0c4981181c4d0c3e9b1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |