Re: [PATCH v6 1/8] staging: rtl8723bs: fix buffer over-read in rtw_update_protection

Next message: Raviteja Laggyshetty: "[PATCH v2 2/2] interconnect: qcom: add Shikra interconnect provider driver"
Previous message: Raviteja Laggyshetty: "[PATCH v2 0/2] Add interconnect support for Qualcomm Shikra SoC"
Next in thread: Salman Alghamdi: "Re: [PATCH v6 1/8] staging: rtl8723bs: fix buffer over-read in rtw_update_protection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH

Date: Mon May 04 2026 - 05:41:40 EST

On Tue, Apr 28, 2026 at 07:44:31PM +0300, Salman Alghamdi wrote:
> rtw_update_protection() is called with a pointer offset into the
> ies buffer but the full ie_length is passed, causing a potential
> buffer over-read.
>
> Fixes: e945c43df60b ("Staging: rtl8723bs: Delete dead code from update_current_network()")
> Fixes: d3fcee1b78a5 ("staging: rtl8723bs: fix camel case in struct wlan_bssid_ex")
> Reported-by: Luka Gejak <luka.gejak@xxxxxxxxx>
> Closes: https://lore.kernel.org/linux-staging/DI2H39EAAFBZ.3KI5NWN02AQ2S@xxxxxxxxx
> Cc: stable@xxxxxxxxxxxxxxx
> Signed-off-by: Salman Alghamdi <me@xxxxxxxxxxxx>
> ---
> drivers/staging/rtl8723bs/core/rtw_mlme.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)

You should not mix patches for the current release (i.e. this one), with
patches for the next release (i.e. the rest of the patches in this
series), as that means I can't take the full series for either :(

Please break this up into two different sets of patches and resend them
that way.

thanks,

greg k-h