Описание
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received packet (skb->len from urb->actual_length) is large enough to contain this header.
If a truncated packet is received, this will lead to a buffer underflow, reading memory before the start of the skb data area, and causing a kernel panic.
Add length checks for both rtl8187 and rtl8187b descriptor headers before attempting to access them, dropping the packet cleanly if the check fails.
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received packet (skb->len from urb->actual_length) is large enough to contain this header.
If a truncated packet is received, this will lead to a buffer underflow, reading memory before the start of the skb data area, and causing a kernel panic.
Add length checks for both rtl8187 and rtl8187b descriptor headers before attempting to access them, dropping the packet cleanly if the check fails.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-68362
- https://git.kernel.org/stable/c/118e12bf3e4288cf845cd3759bd9d4c99f91aab5
- https://git.kernel.org/stable/c/4758770a673c60d8f615809304d72e1432fa6355
- https://git.kernel.org/stable/c/5ebf0fe7eaef9f6173a4c6ea77c5353e21645d15
- https://git.kernel.org/stable/c/638d4148e166d114a4cd7becaae992ce1a815ed8
- https://git.kernel.org/stable/c/6a96bd0d94305fd04a6ac64446ec113bae289384
- https://git.kernel.org/stable/c/b647d2574e4583c2e3b0ab35568f60c88e910840
- https://git.kernel.org/stable/c/dc153401fb26c1640a2b279c47b65e1c416af276
- https://git.kernel.org/stable/c/e2f3ea15e804607e0a4a34a2f6c331c8750b68bc
EPSS
CVE ID
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received packet (skb->len from urb->actual_length) is large enough to contain this header. If a truncated packet is received, this will lead to a buffer underflow, reading memory before the start of the skb data area, and causing a kernel panic. Add length checks for both rtl8187 and rtl8187b descriptor headers before attempting to access them, dropping the packet cleanly if the check fails.
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() The rtl8187_rx_cb() calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received packet (skb->len from urb->actual_length) is large enough to contain this header. If a truncated packet is received, this will lead to a buffer underflow, reading memory before the start of the skb data area, and causing a kernel panic. Add length checks for both rtl8187 and rtl8187b descriptor headers before attempting to access them, dropping the packet cleanly if the check fails.
wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
In the Linux kernel, the following vulnerability has been resolved: w ...
EPSS