Luka Gejak a75281626f staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie ... The current code checks 'i + 5 < in_len' at the end of the if statement. However, it accesses 'in_ie[i + 5]' before that check, which can lead to an out-of-bounds read. Move the length check to the beginning of the conditional to ensure the index is within bounds before accessing the array. Fixes: 554c0a3abf ("staging: Add rtl8723bs sdio wifi driver") Cc: stable <stable@kernel.org> Signed-off-by: Luka Gejak <luka.gejak@linux.dev> Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org> Link: https://patch.msgid.link/20260224132647.11642-2-luka.gejak@linux.dev Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2026-02-24 10:01:20 -08:00
..
axis-fifo	staging: axis-fifo: Fix indentation	2026-01-27 15:34:32 +01:00
fbtft	treewide: Replace kmalloc with kmalloc_obj for non-scalar types	2026-02-21 01:02:28 -08:00
greybus	Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses	2026-02-22 08:26:33 -08:00
iio	staging: iio: adt7316: modernize power management	2026-01-11 13:00:22 +00:00
media	Convert remaining multi-line kmalloc_obj/flex GFP_KERNEL uses	2026-02-22 08:26:33 -08:00
most	Convert 'alloc_obj' family to use the new default GFP_KERNEL argument	2026-02-21 17:09:51 -08:00
nvec	Convert 'alloc_obj' family to use the new default GFP_KERNEL argument	2026-02-21 17:09:51 -08:00
octeon	Staging driver changes for 6.18-rc1	2025-10-04 16:17:14 -07:00
rtl8723bs	staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie	2026-02-24 10:01:20 -08:00
sm750fb	staging: sm750fb: add missing pci_release_region on error and removal	2026-02-23 16:32:56 +01:00
vc04_services	Convert 'alloc_obj' family to use the new default GFP_KERNEL argument	2026-02-21 17:09:51 -08:00
vme_user	Convert more 'alloc_obj' cases to default GFP_KERNEL arguments	2026-02-21 20:03:00 -08:00
Kconfig	staging: gpib: Destage gpib	2025-11-24 17:52:11 +01:00
Makefile	staging: gpib: Destage gpib	2025-11-24 17:52:11 +01:00