Linux Kernel RTL8723BS Driver Uninitialized Variable Vulnerability in BIP Verification

A vulnerability exists in the Linux kernel's RTL8723BS Wi-Fi driver, specifically in the BIP verification function. The issue arises because an 8-byte variable, le_tmp64, is only partially initialized, leaving two bytes of uninitialized data. This vulnerability could lead to unpredictable behavior. The problem has been addressed by initializing the variable to zero before use, ensuring that all bytes are properly set. The vulnerability was identified by a static analysis tool, Smatch, which flagged the insufficient data copying as a warning.

Impact

The vulnerability could cause undefined behavior in the BIP verification process, potentially leading to incorrect handling of data or security protocols.

Reproduction

The vulnerability can be reproduced by using the affected RTL8723BS Wi-Fi driver in the Linux kernel. The BIP verification function will generate a warning about the uninitialized variable, indicating that the vulnerability is present.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The patch is available in the Linux kernel stable tree.