Skip to main content

rtl8723bs CVE-2026-53178

| EUVDEUVD-2026-39269 HIGH
Integer Underflow (CWE-191)
2026-06-25 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-c9gv-4j5c-v56g
8.1
CVSS 3.1 · Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
8.1 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
vuln.today AI
8.1 HIGH

Adjacent radio delivery (AV:A) of a crafted management frame, no auth or interaction (PR:N/UI:N), unsigned underflow yields OOB read enabling kernel memory leak (C:H) and crash (A:H), no integrity impact.

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 09:22 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
8.1 (HIGH)
Patch available
Jun 25, 2026 - 10:32 EUVD
CVE Published
Jun 25, 2026 - 09:16 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 25, 2026 - 09:16 cve.org
HIGH 8.1

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction

Add guards to ensure ie_length is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow.

AnalysisAI

Memory-safety flaw in the Linux kernel's staging rtl8723bs Realtek SDIO Wi-Fi driver allows an adjacent (radio-range) attacker to trigger an unsigned-integer underflow in the rtw_mlme information-element parsing path, leading to out-of-bounds reads that can disclose kernel memory or crash the system. The bug occurs because ie_length was not validated before fixed IE offsets were subtracted from it. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker within Wi-Fi range
Delivery
Send crafted 802.11 management frame
Exploit
Undersized IE triggers ie_length underflow
Execution
Out-of-bounds read in rtw_mlme
Impact
Kernel memory disclosure or crash (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires the target to be running the Linux kernel rtl8723bs staging driver (i.e., a device with a Realtek RTL8723BS SDIO Wi-Fi chip and the driver loaded and active), and the attacker must be within wireless radio range (CVSS AV:A) to deliver a crafted 802.11 management frame with an undersized Information Element. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker within Wi-Fi range of a vulnerable device crafts an 802.11 management frame containing a malformed Information Element whose declared/effective length is smaller than the fixed IE offsets the driver subtracts. When rtw_mlme parses it, ie_length underflows to a huge unsigned value, and the driver reads far beyond the frame buffer - crashing the kernel (DoS) or potentially leaking adjacent kernel memory. …
Remediation Apply the upstream kernel fix: update to a stable kernel containing commits 542d65a6dbd9733baab96313c9fe76a76e93f484 and 88e994c57a79f62d5338231d8d37ee8dd98baffe (the patch series identified as 7.0.13 and 7.1), available via https://git.kernel.org/stable/c/542d65a6dbd9733baab96313c9fe76a76e93f484 and https://git.kernel.org/stable/c/88e994c57a79f62d5338231d8d37ee8dd98baffe; on distribution kernels, install the vendor's updated stable kernel package. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory systems running the rtl8723bs Realtek SDIO Wi-Fi driver to assess exposure scope. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53178 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy