cve-2023-52827
Vulnerability from cvelistv5
Published
2024-05-21 15:31
Modified
2024-11-29 10:54
Severity ?
Summary
wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()
Impacted products
Vendor Product Version
Linux Linux Version: 6.3
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52827",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T18:23:07.677346Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:22:45.297Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:36.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/dp_rx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "79527c21a3ce",
              "status": "affected",
              "version": "d889913205cf",
              "versionType": "git"
            },
            {
              "lessThan": "c9e44111da22",
              "status": "affected",
              "version": "d889913205cf",
              "versionType": "git"
            },
            {
              "lessThan": "1bc44a505a22",
              "status": "affected",
              "version": "d889913205cf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/dp_rx.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()\n\nlen is extracted from HTT message and could be an unexpected value in\ncase errors happen, so add validation before using to avoid possible\nout-of-bound read in the following message iteration and parsing.\n\nThe same issue also applies to ppdu_info-\u003eppdu_stats.common.num_users,\nso validate it before using too.\n\nThese are found during code review.\n\nCompile test only."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-29T10:54:29.423Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57"
        },
        {
          "url": "https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c"
        },
        {
          "url": "https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e"
        }
      ],
      "title": "wifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()",
      "x_generator": {
        "engine": "bippy-8e903de6a542"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52827",
    "datePublished": "2024-05-21T15:31:30.837Z",
    "dateReserved": "2024-05-21T15:19:24.251Z",
    "dateUpdated": "2024-11-29T10:54:29.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-52827\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-05-21T16:15:20.463\",\"lastModified\":\"2024-11-21T08:40:40.303\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nwifi: ath12k: fix possible out-of-bound read in ath12k_htt_pull_ppdu_stats()\\n\\nlen is extracted from HTT message and could be an unexpected value in\\ncase errors happen, so add validation before using to avoid possible\\nout-of-bound read in the following message iteration and parsing.\\n\\nThe same issue also applies to ppdu_info-\u003eppdu_stats.common.num_users,\\nso validate it before using too.\\n\\nThese are found during code review.\\n\\nCompile test only.\"},{\"lang\":\"es\",\"value\":\" En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: ath12k: corrige una posible lectura fuera de los l\u00edmites en ath12k_htt_pull_ppdu_stats(). len se extrae del mensaje HTT y podr\u00eda ser un valor inesperado en caso de que ocurran errores, as\u00ed que agregue validaci\u00f3n antes de usarlo para evitar una posible lectura fuera de los l\u00edmites en la siguiente iteraci\u00f3n y an\u00e1lisis del mensaje. El mismo problema tambi\u00e9n se aplica a ppdu_info-\u0026gt;ppdu_stats.common.num_users, as\u00ed que val\u00eddelo antes de usarlo tambi\u00e9n. Estos se encuentran durante la revisi\u00f3n del c\u00f3digo. Compilar prueba \u00fanicamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.5.13\",\"matchCriteriaId\":\"8037DB00-CF94-499F-A19D-763AB1141887\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6\",\"versionEndExcluding\":\"6.6.3\",\"matchCriteriaId\":\"B58252FA-A49C-411F-9B28-DC5FE44BC5A0\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1bc44a505a229bb1dd4957e11aa594edeea3690e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/79527c21a3ce04cffc35ea54f74ee087e532be57\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c9e44111da221246efb2e623ae1be40a5cf6542c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.