5.6
CVE-2023-52768
- EPSS 0.23%
- Veröffentlicht 21.05.2024 16:15:15
- Zuletzt bearbeitet 02.04.2025 15:03:18
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
wifi: wilc1000: use vmm_table as array in wilc struct
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: use vmm_table as array in wilc struct Enabling KASAN and running some iperf tests raises some memory issues with vmm_table: BUG: KASAN: slab-out-of-bounds in wilc_wlan_handle_txq+0x6ac/0xdb4 Write of size 4 at addr c3a61540 by task wlan0-tx/95 KASAN detects that we are writing data beyond range allocated to vmm_table. There is indeed a mismatch between the size passed to allocator in wilc_wlan_init, and the range of possible indexes used later: allocation size is missing a multiplication by sizeof(u32)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15.68 < 5.15.140
Linux ≫ Linux Kernel Version >= 5.19.9 < 6.1.64
Linux ≫ Linux Kernel Version >= 6.2 < 6.5.13
Linux ≫ Linux Kernel Version >= 6.6 < 6.6.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.137 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.6 | 0.8 | 4.7 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
https://git.kernel.org/stable/c/05ac1a198a63ad66bf5ae8b7321407c102d40ef3
https://git.kernel.org/stable/c/3ce1c2c3999b232258f7aabab311d47dda75605c
https://git.kernel.org/stable/c/4b0d6ddb6466d10df878a7787f175a0e4adc3e27
https://git.kernel.org/stable/c/541b3757fd443a68ed8d25968eae511a8275e7c8
https://git.kernel.org/stable/c/6aaf7cd8bdfe245d3c9a8b48fe70c2011965948e