CVE-2025-68254 | staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates (ESR) IE handling in OnBeacon accessed *(p + 1 + ielen) and *(p + 2 + ielen) without verifying that these offsets lie within the received frame buffer. A malformed beacon with an ESR IE positioned at the end of the buffer could cause an out-of-bounds read, potentially triggering a kernel panic. Add a boundary check to ensure that the ESR IE body and the subsequent bytes are within the limits of the frame before attempting to access them. This prevents OOB reads caused by malformed beacon frames.

Published: 2025-12-16 Last update: 2026-04-15 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Deferred，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2025-68254 is rated Low Risk (7.4/100): low exploitation likelihood (EPSS 0.18%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2025-68254

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.04%	0.18%	+0.14%
2	2026-05-14	0.06%	0.04%	-0.02%
3	2026-04-17	—	0.06%	—

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2025-68254

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2025-68254

OS Trackers for CVE-2025-68254

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2025-68254 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5, open 1.	https://security-tracker.debian.org/tracker/CVE-2025-68254
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2025-68254
`suse`	medium	CVE-2025-68254 severity moderate: SUSE including 417 source package names (13.2-9.1:libsystemd0-254.23-1.1, 13.2-9.1:libudev1-254.23-1.1, …), 889 product×package rows across 128 product lines (Container suse/sl-micro/6.0/baremetal-os-container, Container suse/sl-micro/6.0/base-os-container, … (128 product lines)): Fixed 376, Known Not Affected 257, Known Affected 231, First Fixed 25.	https://www.suse.com/security/cve/CVE-2025-68254/
`ubuntu`	medium	CVE-2025-68254 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 182, released 148, needed 51, pending 14.	https://ubuntu.com/security/CVE-2025-68254

Affected software / configurations for CVE-2025-68254

Vendor	Product	Version	Raw CPE
No affected products in dataset.

References for CVE-2025-68254

URL	Tags
https://git.kernel.org/stable/c/38292407c2bb5b2b3131aaace4ecc7a829b40b76
https://git.kernel.org/stable/c/502ddcc405b69fa92e0add6c1714d654504f6fd7
https://git.kernel.org/stable/c/bb5940193d813449540d8d3a82abc045be41f48a
https://git.kernel.org/stable/c/bf323db1d883c209880bd92f3b12503e3531c3fc
https://git.kernel.org/stable/c/c03cb111628924827351e19baa5b073e9b0d723d
https://git.kernel.org/stable/c/c173ce97d3f0f0c0fefa39139d6d04ba60b5db22
https://git.kernel.org/stable/c/d1ab7f9cee22e7b8a528da9ac953e4193b96cda5

cvelogic Threat Intelligence