Linux Kernel Out-of-Bounds Read Vulnerability in RTL8723BS Driver

Vulnerability

A vulnerability in the Linux kernel's RTL8723BS Wi-Fi driver has been addressed. The issue involved an out-of-bounds read in the OnBeacon function, where the Extended Supported Rates (ESR) Information Element (IE) was accessed without proper boundary checks. This flaw could be exploited by a malformed beacon frame, potentially leading to a kernel panic. The vulnerability affects the Linux kernel stable tree.
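The missing boundary check described above, as an added example in C. This is not the driver's code or the upstream patch: find_ie_checked and esr_len are hypothetical helpers, the element IDs 1 and 50 are the IEEE 802.11 values for Supported Rates and Extended Supported Rates, and the three byte buffers are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EID_SUPP_RATES     1   /* Supported Rates element ID (IEEE 802.11) */
#define EID_EXT_SUPP_RATES 50  /* Extended Supported Rates element ID */

/* Hypothetical helper (not the driver's function): walk the ID/length/body
 * elements in ies[0..len) and return the first element with the given ID.
 * An element is accepted only if its 2-byte header AND its whole body lie
 * inside the buffer; anything else ends parsing with NULL. */
static const uint8_t *find_ie_checked(const uint8_t *ies, size_t len,
                                      uint8_t eid, uint8_t *body_len)
{
    size_t off = 0;

    while (len - off >= 2) {            /* room for ID and length bytes */
        uint8_t id = ies[off];
        uint8_t l  = ies[off + 1];

        if ((size_t)l > len - off - 2)  /* body would run past the end */
            return NULL;                /* malformed frame: stop here */
        if (id == eid) {
            *body_len = l;
            return &ies[off];
        }
        off += 2 + (size_t)l;           /* stays <= len because of the check */
    }
    return NULL;                        /* absent, or a lone trailing byte */
}

/* ESR body length, or -1 when the element is absent or malformed. */
static int esr_len(const uint8_t *ies, size_t len)
{
    uint8_t n = 0;
    return find_ie_checked(ies, len, EID_EXT_SUPP_RATES, &n) ? (int)n : -1;
}

/* Constructed samples: well-formed; ESR header at the very end claiming a
 * 4-byte body; ESR ID byte with no length byte after it. */
static const uint8_t good_ies[] = { 0, 2, 'a', 'b', 1, 2, 0x82, 0x84, 50, 2, 0x0c, 0x12 };
static const uint8_t bad_ies[]  = { 0, 2, 'a', 'b', 50, 4 };
static const uint8_t cut_ies[]  = { 0, 2, 'a', 'b', 50 };

int main(void)
{
    printf("good=%d bad=%d cut=%d\n", esr_len(good_ies, sizeof good_ies),
           esr_len(bad_ies, sizeof bad_ies), esr_len(cut_ies, sizeof cut_ies));
    return 0;
}
```

A parser that reads the length byte or the rate bytes without the two comparisons against len would read past the buffer on the second and third samples.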

Impact

Exploitation of this vulnerability could lead to an out-of-bounds read, causing a kernel panic and disrupting system operations.

Reproduction

The vulnerability can be reproduced by sending a malformed beacon frame with the ESR IE positioned at the end of the buffer. This can be done using a tool that allows for the manipulation of Wi-Fi beacon frames, such as Scapy or airodump-ng, depending on the specific environment and hardware.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.

Added: Dec 16, 2025, 3:34 PM
Updated: Dec 16, 2025, 3:34 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.