Skip to main content

Linux Kernel CVE-2026-53179

| EUVDEUVD-2026-39270 HIGH
Out-of-bounds Read (CWE-125)
2026-06-25 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-jr2w-mc6v-cfpj
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
vuln.today AI
7.1 HIGH

Local low-priv trigger of an over-read (AV:L/AC:L/PR:L) disclosing adjacent kernel memory (C:H) and risking a driver crash (A:H); no data modification (I:N).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 06, 2026 - 18:27 vuln.today
CVSS changed
Jul 06, 2026 - 18:22 NVD
7.1 (HIGH)
Patch available
Jun 25, 2026 - 10:32 EUVD
CVE Published
Jun 25, 2026 - 09:16 nvd
HIGH 7.1
CVE Published
Jun 25, 2026 - 09:16 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

staging: rtl8723bs: fix buffer over-read in rtw_update_protection

rtw_update_protection() is called with a pointer offset into the ies buffer but the full ie_length is passed, causing a potential buffer over-read.

AnalysisAI

Out-of-bounds kernel memory read in the Linux kernel's rtl8723bs staging Wi-Fi driver (Realtek RTL8723BS SDIO) lets a local low-privileged actor read past the intended information-element (IE) buffer. rtw_update_protection() receives a pointer already offset into the ies buffer while still being passed the full ie_length, so parsing walks beyond the valid data. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-priv access on device
Delivery
Ensure rtl8723bs driver processes IE data
Exploit
Supply crafted or short information element
Execution
Trigger over-read in rtw_update_protection
Impact
Leak adjacent kernel memory or crash driver

Vulnerability AssessmentAI

Exploitation Exploitation requires the target to be running the rtl8723bs staging driver - actual Realtek RTL8723BS SDIO Wi-Fi hardware must be present and the module loaded, which is the primary limiting factor and is not a default on most servers or enterprise endpoints. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N, C:H/I:N/A:H, base 7.1) frames this as a locally-triggered issue yielding kernel memory disclosure and potential denial of service, with no integrity impact - consistent with an over-read. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario On a device using the RTL8723BS Wi-Fi chipset, an attacker with local low-privileged access (or, if the call path is reached via received frames, a nearby rogue access point) causes the driver to parse crafted information elements. rtw_update_protection() then reads past the IE buffer, leaking adjacent kernel memory or crashing the driver. …
Remediation Vendor-released patch: upgrade to Linux kernel 6.18.36, 7.0.13, or 7.1 (or later on your branch), which correct the pointer/length mismatch in rtw_update_protection(); the upstream fixes are the commits at https://git.kernel.org/stable/c/735dabdf21561a24d8bcae456c9c32f7f961a029 and its stable backports (303f65af819f6d5aa302e82bce72b57a8575faea, 514ab98364595007d4557ecc85d7e5f012c504d3, c35ce55b12bb8fcd365daeb516e9782048119b36). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running the rtl8723bs staging driver (common in some Linux distributions and embedded systems). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53179 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy