CVE-2023-54300: Access of Uninitialized Pointer in Linux

Severity
6.6 MEDIUM
No vector
EPSS
0.0%
top 84.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Dec 30

Description

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx

For the reasons also described in commit b383e8abed41 ("wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()"), ath9k_htc_rx_msg() should validate pkt_len before accessing the SKB.

For example, the obtained SKB may have been badly constructed with pkt_len = 8. In this case, the SKB can only contain a valid htc_frame_hdr but after being processed in ath9k

Affected Packages (4 packages)

Linux  linux/linux_kernel  2.6.35  4.14.322  +7
Debian  linux/linux_kernel  < 5.10.191-1  +3
CVEListV5  linux/linux  fb9987d0f748c983bb795a86f47522313f701a08  0bc12e41af4e3ae1f0efecc377f0514459df0707  +9
debian  debian/linux  < linux 6.1.52-1 (bookworm)

🔴 Vulnerability Details (3)

OSV
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (2025-12-30)
GHSA
GHSA-2337-fj37-r35q: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx For the reason (2025-12-30)
OSV
CVE-2023-54300: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx For the reasons (2025-12-30)

📋 Vendor Advisories (2)

Red Hat
kernel: wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (2025-12-30)
Debian
CVE-2023-54300: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k... (2023)

🕵️ Threat Intelligence (1)

Wiz
CVE-2023-54300 Impact, Exploitability, and Mitigation Steps | Wiz