CVE-2023-52827

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats() len is extracted from HTT message and could be an unexpected value in case errors happen, so add validation before using to avoid possible out-of-bound read in the following message iteration and parsing. The same issue also applies to ppdu_info->ppdu_stats.common.num_users, so validate it before using too. These are found during code review. Compile test only.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e	Patch
https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57	Patch
https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

No history.

Information

Published : 2024-05-21 16:15

Updated : 2024-05-24 01:14

NVD link : CVE-2023-52827

Mitre link : CVE-2023-52827

CVE.ORG link : CVE-2023-52827

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2023-52827", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2024-05-21T16:15:20.463", "references": [{"url": "https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()\n\nlen is extracted from HTT message and could be an unexpected value in\ncase errors happen, so add validation before using to avoid possible\nout-of-bound read in the following message iteration and parsing.\n\nThe same issue also applies to ppdu_info->ppdu_stats.common.num_users,\nso validate it before using too.\n\nThese are found during code review.\n\nCompile test only."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: ath12k: corrige una posible lectura fuera de los l\u00edmites en ath12k_htt_pull_ppdu_stats(). len se extrae del mensaje HTT y podr\u00eda ser un valor inesperado en caso de que ocurran errores, as\u00ed que agregue validaci\u00f3n antes de usarlo para evitar una posible lectura fuera de los l\u00edmites en la siguiente iteraci\u00f3n y an\u00e1lisis del mensaje. El mismo problema tambi\u00e9n se aplica a ppdu_info->ppdu_stats.common.num_users, as\u00ed que val\u00eddelo antes de usarlo tambi\u00e9n. Estos se encuentran durante la revisi\u00f3n del c\u00f3digo. Compilar prueba \u00fanicamente."}], "lastModified": "2024-05-24T01:14:46.933", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8037DB00-CF94-499F-A19D-763AB1141887", "versionEndExcluding": "6.5.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0", "versionEndExcluding": "6.6.3", "versionStartIncluding": "6.6"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}