{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68362","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T14:48:05.307Z","datePublished":"2025-12-24T10:32:50.492Z","dateUpdated":"2026-05-11T21:51:44.272Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:51:44.272Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()\n\nThe rtl8187_rx_cb() calculates the rx descriptor header address\nby subtracting its size from the skb tail pointer.\nHowever, it does not validate if the received packet\n(skb->len from urb->actual_length) is large enough to contain this\nheader.\n\nIf a truncated packet is received, this will lead to a buffer\nunderflow, reading memory before the start of the skb data area,\nand causing a kernel panic.\n\nAdd length checks for both rtl8187 and rtl8187b descriptor headers\nbefore attempting to access them, dropping the packet cleanly if the\ncheck fails."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c"],"versions":[{"version":"6f7853f3cbe457067e9fe05461f56c7ea4ac488c","lessThan":"118e12bf3e4288cf845cd3759bd9d4c99f91aab5","status":"affected","versionType":"git"},{"version":"6f7853f3cbe457067e9fe05461f56c7ea4ac488c","lessThan":"6a96bd0d94305fd04a6ac64446ec113bae289384","status":"affected","versionType":"git"},{"version":"6f7853f3cbe457067e9fe05461f56c7ea4ac488c","lessThan":"e2f3ea15e804607e0a4a34a2f6c331c8750b68bc","status":"affected","versionType":"git"},{"version":"6f7853f3cbe457067e9fe05461f56c7ea4ac488c","lessThan":"dc153401fb26c1640a2b279c47b65e1c416af276","status":"affected","versionType":"git"},{"version":"6f7853f3cbe457067e9fe05461f56c7ea4ac488c","lessThan":"4758770a673c60d8f615809304d72e1432fa6355","status":"affected","versionType":"git"},{"version":"6f7853f3cbe457067e9fe05461f56c7ea4ac488c","lessThan":"638d4148e166d114a4cd7becaae992ce1a815ed8","status":"affected","versionType":"git"},{"version":"6f7853f3cbe457067e9fe05461f56c7ea4ac488c","lessThan":"5ebf0fe7eaef9f6173a4c6ea77c5353e21645d15","status":"affected","versionType":"git"},{"version":"6f7853f3cbe457067e9fe05461f56c7ea4ac488c","lessThan":"b647d2574e4583c2e3b0ab35568f60c88e910840","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c"],"versions":[{"version":"2.6.27","status":"affected"},{"version":"0","lessThan":"2.6.27","status":"unaffected","versionType":"semver"},{"version":"5.10.248","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.198","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.160","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.63","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.13","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18.2","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"5.10.248"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"5.15.198"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.1.160"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.12.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.17.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.18.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.27","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/118e12bf3e4288cf845cd3759bd9d4c99f91aab5"},{"url":"https://git.kernel.org/stable/c/6a96bd0d94305fd04a6ac64446ec113bae289384"},{"url":"https://git.kernel.org/stable/c/e2f3ea15e804607e0a4a34a2f6c331c8750b68bc"},{"url":"https://git.kernel.org/stable/c/dc153401fb26c1640a2b279c47b65e1c416af276"},{"url":"https://git.kernel.org/stable/c/4758770a673c60d8f615809304d72e1432fa6355"},{"url":"https://git.kernel.org/stable/c/638d4148e166d114a4cd7becaae992ce1a815ed8"},{"url":"https://git.kernel.org/stable/c/5ebf0fe7eaef9f6173a4c6ea77c5353e21645d15"},{"url":"https://git.kernel.org/stable/c/b647d2574e4583c2e3b0ab35568f60c88e910840"}],"title":"wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()","x_generator":{"engine":"bippy-1.2.0"}}}}