-
CVE-2023-54300
- EPSS 0.06%
- Veröffentlicht 30.12.2025 12:23:35
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
For the reasons also described in commit b383e8abed41 ("wifi: ath9k: avoid
uninit memory read in ath9k_htc_rx_msg()"), ath9k_htc_rx_msg() should
validate pkt_len before accessing the SKB.
For example, the obtained SKB may have been badly constructed with
pkt_len = 8. In this case, the SKB can only contain a valid htc_frame_hdr
but after being processed in ath9k_htc_rx_msg() and passed to
ath9k_wmi_ctrl_rx() endpoint RX handler, it is expected to have a WMI
command header which should be located inside its data payload.
Implement sanity checking inside ath9k_wmi_ctrl_rx(). Otherwise, uninit
memory can be referenced.
Tested on Qualcomm Atheros Communications AR9271 802.11n .
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
fb9987d0f748c983bb795a86f47522313f701a08
Version <
0bc12e41af4e3ae1f0efecc377f0514459df0707
Status
affected
Version
fb9987d0f748c983bb795a86f47522313f701a08
Version <
28259ce4f1f1f9ab37fa817756c89098213d2fc0
Status
affected
Version
fb9987d0f748c983bb795a86f47522313f701a08
Version <
90e3c10177573b8662ac9858abd9bf731d5d98e0
Status
affected
Version
fb9987d0f748c983bb795a86f47522313f701a08
Version <
250efb4d3f5b32a115ea6bf25437ba44a1b3c04f
Status
affected
Version
fb9987d0f748c983bb795a86f47522313f701a08
Version <
ad5425e70789c29b93acafb5bb4629e4eb908296
Status
affected
Version
fb9987d0f748c983bb795a86f47522313f701a08
Version <
d1c2ff2bd84c3692c9df267a2b991ce92bfca8ef
Status
affected
Version
fb9987d0f748c983bb795a86f47522313f701a08
Version <
8ed572e52714593b209e3aa352406aff84481179
Status
affected
Version
fb9987d0f748c983bb795a86f47522313f701a08
Version <
75acec91aeaa07375cd5f418069e61b16d39bbad
Status
affected
Version
fb9987d0f748c983bb795a86f47522313f701a08
Version <
f24292e827088bba8de7158501ac25a59b064953
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
2.6.35
Status
affected
Version
0
Version <
2.6.35
Status
unaffected
Version <=
4.14.*
Version
4.14.322
Status
unaffected
Version <=
4.19.*
Version
4.19.291
Status
unaffected
Version <=
5.4.*
Version
5.4.251
Status
unaffected
Version <=
5.10.*
Version
5.10.188
Status
unaffected
Version <=
5.15.*
Version
5.15.121
Status
unaffected
Version <=
6.1.*
Version
6.1.39
Status
unaffected
Version <=
6.3.*
Version
6.3.13
Status
unaffected
Version <=
6.4.*
Version
6.4.4
Status
unaffected
Version <=
*
Version
6.5
Status
unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.196 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|