critical
9.1
CWE
920
Advisory Published
Updated

CVE-2023-52832: wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

First published: Tue May 21 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: signed-integer-overflow in net/wireless/nl80211.c:3816:5 -2147483648 * 100 cannot be represented in type 'int' CPU: 0 PID: 20433 Comm: insmod Tainted: G WC OE Call Trace: dump_stack+0x74/0x92 ubsan_epilogue+0x9/0x50 handle_overflow+0x8d/0xd0 __ubsan_handle_mul_overflow+0xe/0x10 nl80211_send_iface+0x688/0x6b0 [cfg80211] [...] cfg80211_register_wdev+0x78/0xb0 [cfg80211] cfg80211_netdev_notifier_call+0x200/0x620 [cfg80211] [...] ieee80211_if_add+0x60e/0x8f0 [mac80211] ieee80211_register_hw+0xda5/0x1170 [mac80211] In this case, simply return an error instead, to indicate that no data is available.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
redhat/kernel<4.14.331
4.14.331
redhat/kernel<4.19.300
4.19.300
redhat/kernel<5.4.262
5.4.262
redhat/kernel<5.10.202
5.10.202
redhat/kernel<5.15.140
5.15.140
redhat/kernel<6.1.64
6.1.64
redhat/kernel<6.5.13
6.5.13
redhat/kernel<6.6.3
6.6.3
redhat/kernel<6.7
6.7
Linux Kernel<4.14.331
Linux Kernel>=4.15<4.19.300
Linux Kernel>=4.20<5.4.262
Linux Kernel>=5.5<5.10.202
Linux Kernel>=5.11<5.15.140
Linux Kernel>=5.16<6.1.64
Linux Kernel>=6.2<6.5.13
Linux Kernel>=6.6<6.6.3

Remedy

https://git.kernel.org/stable/c/1571120c44dbe5757aee1612c5b6097cdc42710f

Remedy

https://git.kernel.org/stable/c/21a0f310a9f3bfd2b4cf4f382430e638607db846

Remedy

https://git.kernel.org/stable/c/298e767362cade639b7121ecb3cc5345b6529f62

Remedy

https://git.kernel.org/stable/c/2be24c47ac19bf639c48c082486c08888bd603c6

Remedy

https://git.kernel.org/stable/c/5a94cffe90e20e8fade0b9abd4370bd671fe87c7

Remedy

https://git.kernel.org/stable/c/717de20abdcd1d4993fa450e28b8086a352620ea

Remedy

https://git.kernel.org/stable/c/adc2474d823fe81d8da759207f4f1d3691aa775a

Remedy

https://git.kernel.org/stable/c/e160ab85166e77347d0cbe5149045cb25e83937f

Remedy

https://git.kernel.org/stable/c/efeae5f4972f75d50002bc50eb112ab9e7069b18

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2023-52832?

    CVE-2023-52832 is classified as a potential integrity vulnerability within the Linux kernel.

  • How do I fix CVE-2023-52832?

    To resolve CVE-2023-52832, update the Linux kernel to versions 4.14.331, 4.19.300, 5.4.262, 5.10.202, 5.15.140, 6.1.64, 6.5.13, 6.6.3, or 6.7 as appropriate.

  • Which Linux kernel versions are affected by CVE-2023-52832?

    CVE-2023-52832 affects multiple Linux kernel versions including those prior to 4.14.331, 4.19.300, 5.4.262, 5.10.202, 5.15.140, 6.1.64, 6.5.13, 6.6.3, and 6.7.

  • What happens if CVE-2023-52832 is exploited?

    Exploiting CVE-2023-52832 could lead to a potentially undefined behavior or a warning from UBSAN when the power level is not set.

  • Is CVE-2023-52832 specific to any distribution?

    CVE-2023-52832 primarily affects the Red Hat distribution of the Linux kernel but can impact any system using the vulnerable kernel versions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203