cve 68254
About this tag
CVE-2025-68254 addresses an out-of-bounds read vulnerability in the Linux kernel's staging rtl8723bs Wi-Fi driver. The flaw occurs during parsing of the Extended Supported Rates (ESR) Information Element in OnBeacon handling, where a malformed beacon could cause the driver to read beyond the end of a received frame, potentially leading to a kernel panic. The fix hardens ESR IE parsing to prevent this out-of-bounds access. This vulnerability affects systems using Realtek rtl8723bs-based Wi-Fi hardware, commonly found in low-power embedded devices. Users are advised to apply the latest kernel updates to mitigate the risk.
A recently assigned vulnerability, CVE-2025-68254, patches an out‑of‑bounds read in the Linux kernel’s staging rtl8723bs Wi‑Fi driver by hardening the Extended Supported Rates (ESR) Information Element parsing in OnBeacon handling — a malformed beacon could otherwise force the driver to read...