{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T18:11:47.944","vulnerabilities":[{"cve":{"id":"CVE-2025-71234","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-18T16:22:30.190","lastModified":"2026-03-18T17:13:08.443","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add\n\nThe driver does not set hw->sta_data_size, which causes mac80211 to\nallocate insufficient space for driver private station data in\n__sta_info_alloc(). When rtl8xxxu_sta_add() accesses members of\nstruct rtl8xxxu_sta_info through sta->drv_priv, this results in a\nslab-out-of-bounds write.\n\nKASAN report on RISC-V (VisionFive 2) with RTL8192EU adapter:\n\n  BUG: KASAN: slab-out-of-bounds in rtl8xxxu_sta_add+0x31c/0x346\n  Write of size 8 at addr ffffffd6d3e9ae88 by task kworker/u16:0/12\n\nSet hw->sta_data_size to sizeof(struct rtl8xxxu_sta_info) during\nprobe, similar to how hw->vif_data_size is configured. This ensures\nmac80211 allocates sufficient space for the driver's per-station\nprivate data.\n\nTested on StarFive VisionFive 2 v1.2A board."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nwifi: rtl8xxxu: corrección de slab-out-of-bounds en rtl8xxxu_sta_add\n\nEl controlador no establece hw->sta_data_size, lo que provoca que mac80211 asigne espacio insuficiente para los datos privados de estación del controlador en __sta_info_alloc(). Cuando rtl8xxxu_sta_add() accede a miembros de struct rtl8xxxu_sta_info a través de sta->drv_priv, esto resulta en una escritura slab-out-of-bounds.\n\nInforme KASAN en RISC-V (VisionFive 2) con adaptador RTL8192EU:\n\n  BUG: KASAN: slab-out-of-bounds en rtl8xxxu_sta_add+0x31c/0x346\n  Escritura de tamaño 8 en la dirección ffffffd6d3e9ae88 por la tarea kworker/u16:0/12\n\nEstablecer hw->sta_data_size a sizeof(struct rtl8xxxu_sta_info) durante probe, de forma similar a cómo se configura hw->vif_data_size. Esto asegura que mac80211 asigne espacio suficiente para los datos privados por estación del controlador.\n\nProbado en placa StarFive VisionFive 2 v1.2A."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.72","matchCriteriaId":"BC3EBF44-550D-4B5C-9CD4-93342B1A49F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.18.11","matchCriteriaId":"7099A9EC-3D54-4424-BF01-7224EF88C79C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"6.19.1","matchCriteriaId":"EE543C0D-A06B-414F-A403-CB1E088F261E"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/116f7bd8160c6b37d1c6939385abf90f6f6ed2f5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5d810ba377eddee95d30766d360a14efbb3d1872","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/86c946bcc00f6390ef65e9614ae60a9377e454f8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9a0f3fa6ecd0c9c32dbc367a57482bbf7c7d25bf","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}