7.8

CVE-2023-53554

staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()

In the Linux kernel, the following vulnerability has been resolved:

staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()

The "exc->key_len" is a u16 that comes from the user.  If it's over
IW_ENCODING_TOKEN_MAX (64) that could lead to memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.12 < 4.14.322
LinuxLinux Kernel Version >= 4.15 < 4.19.291
LinuxLinux Kernel Version >= 4.20 < 5.4.253
LinuxLinux Kernel Version >= 5.5 < 5.10.190
LinuxLinux Kernel Version >= 5.11 < 5.15.124
LinuxLinux Kernel Version >= 5.16 < 6.1.43
LinuxLinux Kernel Version >= 6.2 < 6.4.8
LinuxLinux Kernel Version6.5 Updaterc1
LinuxLinux Kernel Version6.5 Updaterc2
LinuxLinux Kernel Version6.5 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.066
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/9496fb96ddeb740dc6b966f4a7d8dfb8b93921c6
Patch
https://git.kernel.org/stable/c/663fff29fd613e2b0d30c4138157312ba93c4939
Patch
https://git.kernel.org/stable/c/5373a1aa91b2298f9305794b8270cf9896be96b6
Patch
https://git.kernel.org/stable/c/caac4b6c15b66feae4d83f602e1e46f124540202
Patch
https://git.kernel.org/stable/c/baf420e30364ef9efe3e29a5c0e01e612aebf3fe
Patch
https://git.kernel.org/stable/c/7ae9f55a495077f838bab466411ee6f38574df9b
Patch
https://git.kernel.org/stable/c/b1b04b56745bc79286c80aa876fabfab1e08ebf1
Patch
https://git.kernel.org/stable/c/5f1c7031e044cb2fba82836d55cc235e2ad619dc
Patch