CVE-2023-52827 — Out-of-bounds Read in Linux
Severity: 7.1 HIGH (NVD)
EPSS: 0.0% (top 94.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 21
Latest update: May 22
Description
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
len is extracted from HTT message and could be an unexpected value in
case errors happen, so add validation before using to avoid possible
out-of-bound read in the following message iteration and parsing.
The same issue also applies to ppdu_info->ppdu_stats.common.num_users,
so validate it before using too.
These are found during code review.
Compi…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 1.8 | Impact: 5.2
Affected Packages: 6 packages
CVEListV5: linux/linux d889913205cf7ebda905b1e62c5867ed4e39f6c2 — 79527c21a3ce04cffc35ea54f74ee087e532be57 (+3)
Vulnerability Details (2)
OSV: CVE-2023-52827: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() (2024-05-21)
GHSA: GHSA-29xq-869p-3chq: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() (2024-05-21)
Vendor Advisories (3)
Red Hat
Debian: CVE-2023-52827: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12... (2023)
Community (1)
Bugzilla: CVE-2023-52827 kernel: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() (2024-05-22)