staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing - kernel/linux.git

diff options

author	Navaneeth K <knavaneeth786@gmail.com>	2025-11-20 19:35:20 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2026-01-11 17:18:17 +0300
commit	bb5940193d813449540d8d3a82abc045be41f48a (patch)
tree	bea8663fb2a69221fe4a1eff992e77f1c4f7b60b /security/smack
parent	d129dc2a5d59b4d9cd2cc0b6eeb04df8461199f0 (diff)
download	linux-bb5940193d813449540d8d3a82abc045be41f48a.tar.xz

staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing

commit 502ddcc405b69fa92e0add6c1714d654504f6fd7 upstream. The Extended Supported Rates (ESR) IE handling in OnBeacon accessed *(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these offsets lie within the received frame buffer. A malformed beacon with an ESR IE positioned at the end of the buffer could cause an out-of-bounds read, potentially triggering a kernel panic. Add a boundary check to ensure that the ESR IE body and the subsequent bytes are within the limits of the frame before attempting to access them. This prevents OOB reads caused by malformed beacon frames. Signed-off-by: Navaneeth K <knavaneeth786@gmail.com> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'security/smack')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: