First published: Tue May 21 2024
In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()

len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read in the following message iteration and parsing.

The same issue also applies to ppdu_info->ppdu_stats.common.num_users, so validate it before using too.

These are found during code review.

Compile test only.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux kernel | <6.5.13 | |
Linux kernel | >=6.6, <6.6.3 | |
CVE-2023-52827 is classified as a medium severity vulnerability affecting the Linux kernel.
To fix CVE-2023-52827, update the Linux kernel to version 6.5.13 or later, or, on the 6.6 series, from 6.6 to 6.6.3.
CVE-2023-52827 affects Linux kernel versions prior to 6.5.13 and versions from 6.6 up to but not including 6.6.3.
CVE-2023-52827 is an out-of-bounds read vulnerability in the wifi subsystem of the Linux kernel.
CVE-2023-52827 impacts the ath12k driver within the Linux kernel's wifi subsystem.
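
The description above comes down to checking a length and a user count read from a message before they bound iteration or array indexing. The C example below is added here to illustrate that pattern and is not the ath12k driver's code or the upstream patch; the message layout, `parse_stats`, `MAX_USERS`, `TAG_USER` and the sample bytes are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_LEN   4  /* constructed header: len (2 bytes, LE) | num_users | pad */
#define MAX_USERS 4  /* assumed capacity of the per-user array */
#define TAG_USER  1  /* constructed tag: value[0] is a user index */

struct stats { uint8_t num_users; uint32_t tlvs; uint32_t hits[MAX_USERS]; };

/* Constructed samples: a valid message, and one whose len field overstates the data. */
const uint8_t msg_ok[]  = { 5, 0, 2, 0,  TAG_USER, 1, 1,  9, 0 };
const uint8_t msg_bad[] = { 200, 0, 2, 0,  TAG_USER, 1, 1 };

/* Returns 0 on success, -1 if a length or count taken from the message is out of range. */
int parse_stats(const uint8_t *msg, size_t msg_len, struct stats *out)
{
    size_t len, off = 0;
    const uint8_t *p;

    if (msg_len < HDR_LEN)
        return -1;
    len = (size_t)msg[0] | ((size_t)msg[1] << 8);
    if (len > msg_len - HDR_LEN)      /* claimed length must fit the bytes received */
        return -1;
    if (msg[2] > MAX_USERS)           /* count must fit the array before it is used */
        return -1;

    *out = (struct stats){ .num_users = msg[2] };
    p = msg + HDR_LEN;
    while (off < len) {
        uint8_t tag, tlv_len;

        if (len - off < 2)            /* room for a TLV header? */
            return -1;
        tag = p[off];
        tlv_len = p[off + 1];
        off += 2;
        if (tlv_len > len - off)      /* room for the TLV value? */
            return -1;
        if (tag == TAG_USER) {
            if (tlv_len < 1 || p[off] >= out->num_users)
                return -1;
            out->hits[p[off]]++;
        }
        out->tlvs++;
        off += tlv_len;
    }
    return 0;
}
```

Without the first two checks, the loop bound and the array index would both come straight from untrusted message fields, which is the class of out-of-bounds read the advisory describes.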