CVE Catalog

CVE-2026-53178

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile — higher than 12% of all known CVEs

Summary

In the Linux kernel, the rtl8723bs staging driver for Realtek WiFi chipsets lacks bounds checks before subtracting fixed IE offsets from ie_length, which can cause unsigned integer underflow.

Risk Assessment

An attacker could exploit this vulnerability to trigger undefined driver behavior, potentially leading to system crash or privilege escalation in kernel context.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit adding bounds checks before subtraction in rtw_mlme).

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: rtw_mlme: add bounds checks before ie_length subtraction Add guards to ensure ie_length is large enough before subtracting fixed IE offsets to prevent unsigned integer underflow.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS