CVE-2023-54286: Stack-based Buffer Overflow in Linux

Severity: 7.0 HIGH (no vector)
EPSS: 0.0% (top 89.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace

A received TKIP key may be up to 32 bytes because it may contain MIC rx/tx keys too. These are not used by iwl and copying these over overflows the iwl_keyinfo.key field.

Add a check to not copy more data to iwl_keyinfo.key than will fit.

This fixes backtraces like this one:

memcpy: detected field-spanning write (size 32) of single field "sta_cmd.key.ke

Affected Packages (4 packages)

Linux | linux/linux_kernel | 3.1.0 | 4.14.316 | +6
Debian | linux/linux_kernel | < 5.10.191-1 | +3
CVEListV5 | linux/linux | 5a3d9882b84edf5fa8e8ca33a5d6df25e2e727a5 | 76b5ea43ad2fb4f726ddfaff839430a706e7d7c2 | +8
debian | debian/linux | < linux 6.1.37-1 (bookworm)

🔴 Vulnerability Details (3)

OSV (2025-12-30): CVE-2023-54286: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A received
OSV (2025-12-30): wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
GHSA (2025-12-30): GHSA-gwwq-p8rf-2xr4: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace A receiv

📋 Vendor Advisories (2)

Red Hat (2025-12-30): kernel: wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
Debian (2023): CVE-2023-54286: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwi...

🕵️ Threat Intelligence (1)

Wiz: CVE-2023-54286 Impact, Exploitability, and Mitigation Steps | Wiz