-

CVE-2023-53589

EPSS 0.02%
Veröffentlicht 04.10.2025 15:44:04
Zuletzt bearbeitet 06.10.2025 14:56:21
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

wifi: iwlwifi: mvm: don't trust firmware n_channels

If the firmware sends us a corrupted MCC response with
n_channels much larger than the command response can be,
we might copy far too much (uninitialized) memory and
even crash if the n_channels is large enough to make it
run out of the one page allocated for the FW response.

Fix that by checking the lengths. Doing a < comparison
would be sufficient, but the firmware should be doing
it correctly, so check more strictly.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < e519a404a5bbba37693cb10fa61794a5fce4fd9b

Version dcaf9f5ecb6f395152609bdc40660d9b593dca63

Status affected

Version < d0d39bed9e95f27a246be91c5929254ac043ed30

Version dcaf9f5ecb6f395152609bdc40660d9b593dca63

Status affected

Version < 05ad5a4d421ce65652fcb24d46b7e273130240d6

Version dcaf9f5ecb6f395152609bdc40660d9b593dca63

Status affected

Version < 557ba100d8cf3661ff8d71c0b4a2cba8db555ec2

Version dcaf9f5ecb6f395152609bdc40660d9b593dca63

Status affected

Version < c176f03350954b795322de0bfe1d7b514db41f45

Version dcaf9f5ecb6f395152609bdc40660d9b593dca63

Status affected

Version < 682b6dc29d98e857e6ca4bbc077c7dc2899b7473

Version dcaf9f5ecb6f395152609bdc40660d9b593dca63

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.1

Status affected

Version < 4.1

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.244

Status unaffected

Version <= 5.10.*

Version 5.10.181

Status unaffected

Version <= 5.15.*

Version 5.15.113

Status unaffected

Version <= 6.1.*

Version 6.1.30

Status unaffected

Version <= 6.3.*

Version 6.3.4

Status unaffected

Version <= *

Version 6.4

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/e519a404a5bbba37693cb10fa61794a5fce4fd9b

https://git.kernel.org/stable/c/d0d39bed9e95f27a246be91c5929254ac043ed30

https://git.kernel.org/stable/c/05ad5a4d421ce65652fcb24d46b7e273130240d6

https://git.kernel.org/stable/c/557ba100d8cf3661ff8d71c0b4a2cba8db555ec2

https://git.kernel.org/stable/c/c176f03350954b795322de0bfe1d7b514db41f45

https://git.kernel.org/stable/c/682b6dc29d98e857e6ca4bbc077c7dc2899b7473

https://nvd.nist.gov/vuln/detail/CVE-2023-53589

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53589

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53589

EUVD