CVE-2023-53717: Out-of-bounds Write in Linux

Severity: 5.8 MEDIUM (no vector)
EPSS: 0.0% (top 88.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 22

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()

Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that could no longer be valid when a timeout occurs. Set wmi->last_seq_id to 0 when a timeout occurred.

Found by a modified version of syzkaller.
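A simplified user-space model of the condition described above, added here as an illustration and not the kernel's ath9k code. The struct, the `model_*` functions, the `tx_seq_id` counter and the sequence-number check are assumptions of the model; only `cmd_rsp_buf` and `last_seq_id` are names from the description, and the response buffer is kept alive inside the model so the late write can be observed safely.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model state; only cmd_rsp_buf and last_seq_id are named on the page. */
struct wmi_model {
    uint16_t tx_seq_id;    /* assumed counter used to number commands */
    uint16_t last_seq_id;  /* command awaiting a response; 0 = none */
    uint8_t *cmd_rsp_buf;  /* caller's buffer (stack-allocated in the driver) */
    size_t   cmd_rsp_len;
};

/* Command path: remember where the response should be copied. */
static uint16_t model_issue_cmd(struct wmi_model *w, uint8_t *rsp, size_t len)
{
    w->cmd_rsp_buf = rsp;
    w->cmd_rsp_len = len;
    w->last_seq_id = ++w->tx_seq_id;
    return w->last_seq_id;
}

/* Timeout path: the described fix clears last_seq_id. */
static void model_timeout(struct wmi_model *w, int patched)
{
    if (patched)
        w->last_seq_id = 0;
}

/* Response path (assumed check): copy only on a sequence-id match. Returns 1 if written. */
static int model_rx_response(struct wmi_model *w, uint16_t seq,
                             const uint8_t *data, size_t len)
{
    if (seq == 0 || seq != w->last_seq_id)
        return 0;                       /* stale or unsolicited: drop */
    memcpy(w->cmd_rsp_buf, data, len < w->cmd_rsp_len ? len : w->cmd_rsp_len);
    return 1;
}

/* Returns 1 if a response arriving after the timeout still writes the buffer. */
int late_response_writes(int patched)
{
    struct wmi_model w = {0};
    uint8_t rsp[4] = {0};               /* constructed stand-in, kept alive here */
    const uint8_t late[4] = {0xde, 0xad, 0xbe, 0xef};   /* constructed payload */
    uint16_t seq = model_issue_cmd(&w, rsp, sizeof rsp);

    model_timeout(&w, patched);         /* in the driver the caller has returned by now */
    return model_rx_response(&w, seq, late, sizeof late);
}
```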

Affected Packages (4 packages)

Linux | linux/linux_kernel | 2.6.35 | 4.14.308 | +6
Debian | linux/linux_kernel | < 5.10.178-1 | +3
CVEListV5 | linux/linux | fb9987d0f748c983bb795a86f47522313f701a08 | 89a33c3c847b19b19205cde1d924df2a6c70d8eb | +8
debian | debian/linux | < linux 6.1.20-1 (bookworm)

🔴 Vulnerability Details (3)

GHSA | GHSA-qfvg-x2cj-cf5g: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() | 2025-10-22
OSV | CVE-2023-53717: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() F | 2025-10-22
OSV | wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() | 2025-10-22

📋 Vendor Advisories (2)

Red Hat | kernel: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() | 2025-10-22
Debian | CVE-2023-53717: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k... | 2023