CVE-2023-53715Improper Input Validation in Linux

CWE-20Improper Input Validation6 documents5 sources
Severity
3.9LOW
No vector
EPSS
0.0%
top 88.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedOct 22

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware (e.g. BCM4387). It seems there was a simple way of passing it in binary all along, so use that and avoid the hexification. OpenBSD has been doing it like this from the beginning, so this should work on all chips. Also clear the structure before setting the PMK. This was leaking uniniti

Affected Packages4 packages

Linuxlinux/linux_kernel4.13.04.14.316+6
Debianlinux/linux_kernel< 5.10.191-1+3
CVEListV5linux/linuxb8a64f0e96c2b258321ee03975aeb0f5e88a055b1687845eb8f37360a9ee849a3587ab659b090773+8
debiandebian/linux< linux 6.1.37-1 (bookworm)

🔴Vulnerability Details

3
OSV
CVE-2023-53715: In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex2025-10-22
GHSA
GHSA-rw22-c852-p7j5: In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the h2025-10-22
OSV
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex2025-10-22

📋Vendor Advisories

2
Red Hat
kernel: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex2025-10-22
Debian
CVE-2023-53715: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: brcmf...2023