
CVE-2023-53717

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()

Fix a stack-out-of-bounds write that occurs in a WMI response callback
function that is called after a timeout occurs in ath9k_wmi_cmd().
The callback writes to wmi->cmd_rsp_buf, a stack-allocated buffer that
could no longer be valid when a timeout occurs. Set wmi->last_seq_id to
0 when a timeout occurred.

Found by a modified version of syzkaller.

BUG: KASAN: stack-out-of-bounds in ath9k_wmi_ctrl_rx
Write of size 4
Call Trace:
 memcpy
 ath9k_wmi_ctrl_rx
 ath9k_htc_rx_msg
 ath9k_hif_usb_reg_in_cb
 __usb_hcd_giveback_urb
 usb_hcd_giveback_urb
 dummy_timer
 call_timer_fn
 run_timer_softirq
 __do_softirq
 irq_exit_rcu
 sysvec_apic_timer_interrupt
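
A simplified userspace model of the timeout race described above, added here as an illustration and not taken from the kernel source. Only last_seq_id and cmd_rsp_buf are names from the description; the sequence-number match in the reply path, the buf_live flag, caller_slot and the function names are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; only last_seq_id and cmd_rsp_buf are names from the CVE text. */
enum rsp_result { RSP_DROPPED, RSP_COPIED, RSP_STALE_WRITE };

struct wmi_model {
    uint16_t last_seq_id;  /* command still awaiting a reply, 0 = none */
    uint8_t *cmd_rsp_buf;  /* where the reply payload is copied */
    bool buf_live;         /* hypothetical flag: the waiter's frame still exists */
};

static uint8_t caller_slot[4]; /* stands in for the waiter's stack buffer */

/* Reply path: assumed to accept a reply only if its sequence number matches. */
enum rsp_result wmi_rsp(struct wmi_model *w, uint16_t seq, const uint8_t *data)
{
    if (seq != w->last_seq_id)
        return RSP_DROPPED;
    if (!w->buf_live)
        return RSP_STALE_WRITE; /* the write KASAN reported; not performed here */
    memcpy(w->cmd_rsp_buf, data, sizeof(caller_slot));
    return RSP_COPIED;
}

/* Issue command `seq`; optionally let the wait time out before the reply lands. */
enum rsp_result reply_outcome(bool timed_out, bool fixed)
{
    const uint8_t payload[4] = {1, 2, 3, 4}; /* constructed reply bytes */
    const uint16_t seq = 1;
    struct wmi_model w = { .last_seq_id = seq, .cmd_rsp_buf = caller_slot,
                           .buf_live = true };
    if (timed_out) {
        if (fixed)
            w.last_seq_id = 0;  /* the fix: nothing is pending after a timeout */
        w.buf_live = false;     /* waiter returns, its stack buffer is gone */
    }
    return wmi_rsp(&w, seq, payload);
}

int main(void)
{
    printf("timely=%d late_unfixed=%d late_fixed=%d\n", reply_outcome(false, false),
           reply_outcome(true, false), reply_outcome(true, true));
    return 0;
}
```

Without the reset, the late reply still matches the pending sequence number and reaches the copy into a buffer that no longer exists; with it, the reply is dropped before any write.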

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).

Vendor: Linux
Product: Linux
Default status: unaffected
Version fb9987d0f748c983bb795a86f47522313f701a08, < 89a33c3c847b19b19205cde1d924df2a6c70d8eb: Status affected
Version fb9987d0f748c983bb795a86f47522313f701a08, < ae4933b4f17de8e2b7ff6f91b17d3b0099a6d6bc: Status affected
Version fb9987d0f748c983bb795a86f47522313f701a08, < bf6dc175a2b53098a69db1236d9d53982f4b1bc0: Status affected
Version fb9987d0f748c983bb795a86f47522313f701a08, < 78b56b0a613a87b61290b95be497fdfe2fe58aa6: Status affected
Version fb9987d0f748c983bb795a86f47522313f701a08, < 1af7eacfad45149c54893a8a9df9e92ef89f0a90: Status affected
Version fb9987d0f748c983bb795a86f47522313f701a08, < 8f28513d9520184059530c01a9f928a1b3809d3f: Status affected
Version fb9987d0f748c983bb795a86f47522313f701a08, < 554048a72d7ecfdd58cc1bfb56e0a1864e64e82c: Status affected
Version fb9987d0f748c983bb795a86f47522313f701a08, < 8a2f35b9830692f7a616f2f627f943bc748af13a: Status affected

Vendor: Linux
Product: Linux
Default status: affected
Version 2.6.35: Status affected
Version 0, < 2.6.35: Status unaffected
Version 4.14.308, <= 4.14.*: Status unaffected
Version 4.19.276, <= 4.19.*: Status unaffected
Version 5.4.235, <= 5.4.*: Status unaffected
Version 5.10.173, <= 5.10.*: Status unaffected
Version 5.15.99, <= 5.15.*: Status unaffected
Version 6.1.16, <= 6.1.*: Status unaffected
Version 6.2.3, <= 6.2.*: Status unaffected
Version 6.3, <= *: Status unaffected

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.096

CVSS metrics
Source Base Score Exploit Score Impact Score Vector String