fkie_cve-2023-52827
Vulnerability from fkie_nvd
Published
2024-05-21 16:15
Modified
2024-11-21 08:40
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read in the following message iteration and parsing. The same issue also applies to ppdu_info->ppdu_stats.common.num_users, so validate it before using too. These are found during code review. Compile test only.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690ePatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542cPatch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8037DB00-CF94-499F-A19D-763AB1141887",
              "versionEndExcluding": "6.5.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0",
              "versionEndExcluding": "6.6.3",
              "versionStartIncluding": "6.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()\n\nlen is extracted from HTT message and could be an unexpected value in\ncase errors happen, so add validation before using to avoid possible\nout-of-bound read in the following message iteration and parsing.\n\nThe same issue also applies to ppdu_info-\u003eppdu_stats.common.num_users,\nso validate it before using too.\n\nThese are found during code review.\n\nCompile test only."
    },
    {
      "lang": "es",
      "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: ath12k: corrige una posible lectura fuera de los l\u00edmites en ath12k_htt_pull_ppdu_stats(). len se extrae del mensaje HTT y podr\u00eda ser un valor inesperado en caso de que ocurran errores, as\u00ed que agregue validaci\u00f3n antes de usarlo para evitar una posible lectura fuera de los l\u00edmites en la siguiente iteraci\u00f3n y an\u00e1lisis del mensaje. El mismo problema tambi\u00e9n se aplica a ppdu_info-\u0026gt;ppdu_stats.common.num_users, as\u00ed que val\u00eddelo antes de usarlo tambi\u00e9n. Estos se encuentran durante la revisi\u00f3n del c\u00f3digo. Compilar prueba \u00fanicamente."
    }
  ],
  "id": "CVE-2023-52827",
  "lastModified": "2024-11-21T08:40:40.303",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-21T16:15:20.463",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.