CVE-2023-52594: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
First published: Wed Mar 06 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger than the size of the array txs->txstatus, which is HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug handling code after the check. Make the function return if that is the case. Found by a modified version of syzkaller. UBSAN: array-index-out-of-bounds in htc_drv_txrx.c index 13 is out of range for type '__wmi_event_txstatus [12]' Call Trace: ath9k_htc_txstatus ath9k_wmi_event_tasklet tasklet_action_common __do_softirq irq_exit_rxu sysvec_apic_timer_interrupt
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel | <4.19.307 | 4.19.307 |
| redhat/kernel | <5.4.269 | 5.4.269 |
| redhat/kernel | <5.10.210 | 5.10.210 |
| redhat/kernel | <5.15.149 | 5.15.149 |
| redhat/kernel | <6.1.77 | 6.1.77 |
| redhat/kernel | <6.6.16 | 6.6.16 |
| redhat/kernel | <6.7.4 | 6.7.4 |
| redhat/kernel | <6.8 | 6.8 |
| Linux Kernel | <4.19.307 | |
| Linux Kernel | >=4.20<5.4.269 | |
| Linux Kernel | >=5.5<5.10.210 | |
| Linux Kernel | >=5.11<5.15.149 | |
| Linux Kernel | >=5.16<6.1.77 | |
| Linux Kernel | >=6.2<6.6.16 | |
| Linux Kernel | >=6.7<6.7.4 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234
- https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348
- https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1
- https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9
- https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1
- https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d
- https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225
- https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc
- https://launchpad.net/bugs/cve/CVE-2023-52594
- https://access.redhat.com/security/cve/CVE-2023-52594
- https://lore.kernel.org/linux-cve-announce/2024030645-CVE-2023-52594-9b84@gregkh/T
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2268318
- https://access.redhat.com/errata/RHSA-2024:3618
- https://access.redhat.com/errata/RHSA-2024:3627
- https://access.redhat.com/errata/RHSA-2024:9315
- https://bugzilla.redhat.com/show_bug.cgi?id=2268317
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52594
- https://nvd.nist.gov/vuln/detail/CVE-2023-52594
- https://security-tracker.debian.org/tracker/CVE-2023-52594
- https://ubuntu.com/security/CVE-2023-52594
- https://git.kernel.org/linus/2adc886244dff60f948497b59affb6c6ebb3c348
Frequently Asked Questions
What is the severity of CVE-2023-52594?
CVE-2023-52594 is classified as a medium severity vulnerability due to potential array-index-out-of-bounds read which may lead to information disclosure.
How do I fix CVE-2023-52594?
To fix CVE-2023-52594, update the kernel package to version 4.19.307, 5.4.269, 5.10.210, 5.15.149, 6.1.77, 6.6.16, 6.7.4, or 6.8 as applicable.
What types of systems are affected by CVE-2023-52594?
CVE-2023-52594 affects systems running specific versions of the Linux kernel, particularly versions prior to 6.8.
Is there a workaround for CVE-2023-52594?
There is no known workaround for CVE-2023-52594; the recommended action is to upgrade to the patched kernel versions.
When was CVE-2023-52594 discovered?
CVE-2023-52594 was announced as resolved in the Linux kernel updates released in early 2023.
- agent/title
- agent/type
- agent/author
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-52594
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/remedy
- agent/trending
- collector/usn-cve
- source/Ubuntu
- agent/event
- agent/description
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- package-manager/debian